Browse CVEs related to SQL Injection vulnerabilities, filtered by year of publication. This list shows the most recently disclosed entries first by default and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing CVEs of the SQL Injection type published in 2017.
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2017-17983 | PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. | 8.8 | 0.23% | 2017-12-30 | 2026-05-13 |
| CVE-2017-17920 | SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | 8.1 | 0.51% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17919 | SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | 8.1 | 0.58% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17917 | SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | 8.1 | 1.31% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17916 | SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input | 8.1 | 0.61% | 2017-12-29 | 2026-05-13 |
| CVE-2014-4914 | The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | 9.8 | 3.44% | 2017-12-29 | 2026-05-13 |
| CVE-2017-17959 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. | 9.8 | 0.26% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17957 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. | 9.8 | 0.26% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17951 | PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. | 9.8 | 0.26% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17950 | Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. | 8.8 | 0.24% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17941 | PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. | 7.2 | 0.24% | 2017-12-28 | 2026-05-13 |
| CVE-2015-3637 | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | 8.1 | 0.90% | 2017-12-28 | 2026-05-13 |
| CVE-2017-17931 | PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | 9.8 | 0.26% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17928 | PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. | 9.8 | 0.26% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17906 | PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. | 9.8 | 0.26% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17900 | SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the socid parameter. | 9.8 | 0.34% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17899 | SQL injection vulnerability in adherents/subscription/info.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the rowid parameter. | 9.8 | 0.34% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17897 | SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 9.8 | 0.34% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17895 | Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. | 9.8 | 0.26% | 2017-12-27 | 2026-05-13 |
| CVE-2017-17892 | Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. | 9.8 | 0.26% | 2017-12-27 | 2026-05-13 |