Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2017.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17875 | The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17873 | Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17872 | The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17871 | The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. | 9.8 | 2.65% | 2017-12-27 | 2026-06-16 |
| CVE-2017-17870 | The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | 9.8 | 3.00% | 2017-12-27 | 2026-06-16 |
| CVE-2017-0304 | A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. | 5.4 | 0.99% | 2017-12-21 | 2026-06-16 |
| CVE-2017-17829 | Bus Booking Script has SQL Injection via the admin/view_seatseller.php sp_id parameter or the admin/view_member.php memid parameter. | 7.2 | 1.02% | 2017-12-21 | 2026-06-16 |
| CVE-2017-17824 | The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.50% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17823 | The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.49% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17822 | The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. | 4.9 | 1.37% | 2017-12-20 | 2026-06-16 |
| CVE-2012-2576 | SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | 9.8 | 59.15% | 2017-12-20 | 2026-06-16 |
| CVE-2017-16735 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log. | 5.3 | 1.02% | 2017-12-20 | 2026-06-16 |
| CVE-2017-16733 | A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information from the database. | 5.3 | 0.92% | 2017-12-20 | 2026-06-16 |
| CVE-2017-1757 | IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | 8.8 | 1.59% | 2017-12-20 | 2026-06-16 |
| CVE-2017-17779 | Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. | 9.8 | 1.10% | 2017-12-19 | 2026-06-16 |
| CVE-2017-15875 | SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. | 9.8 | 1.29% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17721 | CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. | 9.8 | 3.60% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17651 | Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. | 9.8 | 3.05% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17645 | Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. | 9.8 | 3.05% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17643 | FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. | 9.8 | 2.98% | 2017-12-18 | 2026-06-16 |