CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-17607 – CMS Auditor Website 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-17607
CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. CMS Auditor Website 1.0 tiene una inyección SQL mediante el parámetro PATH_INFO en /news-detail. • https://www.exploit-db.com/exploits/43272 https://packetstormsecurity.com/files/145293/CMS-Auditor-Website-1.0-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14601
https://notcve.org/view.php?id=CVE-2017-14601
Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. Pragyan CMS v3.0 es vulnerable a una inyección SQL basada en valores booleanos en cms/admin.lib.php mediante $_GET['forwhat']. Esto deriva en una divulgación de información. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 1CVE-2017-14600
https://notcve.org/view.php?id=CVE-2017-14600
Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. Pragyan CMS v3.0 es vulnerable a una inyección SQL basada en errores en cms/admin.lib.php mediante $_GET['del_black']. Esto deriva en una divulgación de información. • https://github.com/delta/pragyan/issues/228 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2015-4627
https://notcve.org/view.php?id=CVE-2015-4627
SQL injection vulnerability in Pragyan CMS 3.0. Existe una vulnerabilidad de inyección SQL en Pragyan CMS 3.0. • https://github.com/delta/pragyan/issues/207 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-11324
https://notcve.org/view.php?id=CVE-2017-11324
An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of the backtick character, a SELECT query in class.SystemAction.php is vulnerable to SQL Injection. The vulnerability can be triggered via a POST request to /actionphp/action.input.php with the id parameter. Se ha descubierto un problema en Tilde CMS 1.0.1. Al no escapar el carácter acento grave, una consulta SELECT en class.SystemAction.php es vulnerable a inyección SQL. • https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •