| Max CVSS | 7.5 | Min CVSS | 6.8 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-1171 | 7.5 |
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
|
16-10-2018 - 16:37 | 02-03-2007 - 21:18 | |
| CVE-2017-10682 | 7.5 |
SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.
|
20-12-2017 - 02:29 | 29-06-2017 - 21:29 | |
| CVE-2014-3120 | 6.8 |
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended se
|
06-12-2016 - 18:13 | 28-07-2014 - 19:55 |