Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
The list includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2017.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17731 | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. | 9.8 | 13.19% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17730 | DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. | 9.8 | 1.10% | 2017-12-18 | 2026-06-16 |
| CVE-2017-17713 | Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId para | 9.8 | 1.97% | 2017-12-16 | 2026-06-16 |
| CVE-2017-17695 | Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. | 8.8 | 0.96% | 2017-12-15 | 2026-06-16 |
| CVE-2017-5663 | In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | 8.8 | 2.09% | 2017-12-14 | 2026-06-16 |
| CVE-2017-17648 | Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. | 9.8 | 3.80% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17642 | Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17641 | Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17640 | Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17639 | Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17638 | Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17637 | Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17636 | MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17635 | MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17634 | Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17633 | Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the trailer-detail.php moid parameter, show-time.php moid parameter, or event-detail.php eid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17632 | Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17631 | Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17630 | Yoga Class Script 1.0 has SQL Injection via the /list city parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |
| CVE-2017-17629 | Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. | 9.8 | 2.20% | 2017-12-13 | 2026-06-16 |