LiveActive security incident?Get immediate response
CVE archive

2017 CVE Archive

Browse CVE records published in 2017 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 14752 matching CVEs · Page 1 of 296.

Unknown · CVSS Not scored

CVE-2017-17674: BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion.

BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery (SSRF), or remote code execution (RCE).

Published May 19, 2021 · Updated Jul 9, 2026

High · CVSS 8.8

CVE-2017-20253: Joomla! Component My Projects 2.0 SQL Injection

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extract sensitive database information including credentials and system data.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20259: Joomla OSDownloads 1.7.4 SQL Injection via item view

Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 7.1

CVE-2017-20265: Joomla! Component Flip Wall 8.0 SQL Injection

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=com_flipwall&task=click&wallid parameter containing SQL injection payloads to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20271: Joomla StreetGuessr Game 1.1.8 SQL Injection via catid

Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information including version and database names.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20277: Joomla JoomRecipe 1.0.4 Component Blind SQL Injection via search_author

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20280: Joomla Component Myportfolio 3.0.2 SQL Injection via pid Parameter

Joomla Component Myportfolio 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the pid parameter. Attackers can send GET requests to index.php with malicious pid values in the task=project&view=grid endpoint to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20274: Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath

Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20268: Joomla! Component Zap Calendar Lite 4.3.4 SQL Injection

Joomla! Component Zap Calendar Lite 4.3.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'eid' parameter. Attackers can send GET requests to the RSVP plugin endpoint with crafted SQL payloads to extract sensitive database information including database names and table structures.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20262: Joomla! Component Ajax Quiz 1.8 SQL Injection

Joomla! Component Ajax Quiz 1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the cid parameter. Attackers can send GET requests to index.php with the option=com_ajaxquiz and view=ajaxquiz parameters to extract sensitive database information including table names and column structures.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20256: Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter

Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 23, 2026

High · CVSS 8.8

CVE-2017-20281: Joomla! Component Extra Search 2.2.8 SQL Injection

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the establename parameter. Attackers can send GET requests to index.php with the option=com_extrasearch parameter and malicious SQL in the establename field to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20275: Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter

Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20269: Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20263: Joomla! FocalPoint Pro Free 1.2.3 SQL Injection via location

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_focalpoint, view=location, and a crafted id parameter containing SQL commands to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20257: Joomla! Component Quiz Deluxe 3.7.4 SQL Injection

Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20255: Joomla! Component JB Visa 1.0 SQL Injection via visatype

Joomla! Component JB Visa 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the visatype parameter. Attackers can send GET requests to index.php with the option=com_bookpro and view=popup parameters, injecting SQL commands in the visatype parameter to extract sensitive database information including credentials and table contents.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20261: Joomla! Component Bargain Product VM3 1.0 SQL Injection

Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20279: Joomla Payage 2.05 SQL Injection via aid Parameter

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20273: Joomla Event Registration Pro Calendar 4.1.3 SQL Injection

Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_registrationpro&view=category&id parameter containing SQL injection payloads to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20267: Joomla! Component Calendar Planner 1.0.1 SQL Injection

Joomla! Component Calendar Planner 1.0.1 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the category_id parameter. Attackers can send GET requests to the events view with malicious SQL code in the category_id parameter to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 22, 2026

High · CVSS 8.8

CVE-2017-20282: Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the product_id parameter. Attackers can send GET requests to index.php with the option=com_jcart&route=product/product parameters and malicious product_id values to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 19, 2026

High · CVSS 8.8

CVE-2017-20254: Joomla! Component User Bench 1.0 SQL Injection via userid

Joomla! Component User Bench 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the userid parameter. Attackers can send GET requests to index.php with the option=com_userbench&view=detail&userid parameter containing SQL injection payloads to extract sensitive database information including credentials and configuration data.

Published Jun 19, 2026 · Updated Jun 19, 2026

High · CVSS 8.8

CVE-2017-20252: Joomla NextGen Editor 2.1.0 SQL Injection via plname Parameter

Joomla NextGen Editor 2.1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the plname parameter. Attackers can send GET requests to index.php with option=com_nge&view=config and inject malicious SQL code in the plname parameter to extract sensitive database information.

Published Jun 19, 2026 · Updated Jun 19, 2026

High · CVSS 8.7

CVE-2017-20248: WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20243: WordPress Car Park Booking Plugin SQL Injection via space_id

WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the space_id parameter. Attackers can send GET requests to the booking-page endpoint with malicious space_id values using AND SLEEP() payloads to extract sensitive database information.

Published Jun 9, 2026 · Updated Jun 9, 2026

Critical · CVSS 9.8

CVE-2017-20251: WordPress Insert PHP Plugin 4.7.0 PHP Code Injection via REST API

WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes through the WordPress REST API. Attackers can send POST requests to the wp-json/wp/v2/posts endpoint with crafted content containing insert_php shortcodes to include and execute remote PHP files on the server.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.7

CVE-2017-20250: WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20249: WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection

Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20247: WordPress Plugin PICA Photo Gallery 1.0 SQL Injection

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20246: KittyCatfish 2.2 Plugin for WordPress SQL Injection

KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensitive database information using boolean-based blind or time-based blind techniques.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20245: Wow Viral Signups 2.1 WordPress Plugin SQL Injection

Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.

Published Jun 9, 2026 · Updated Jun 9, 2026

High · CVSS 8.8

CVE-2017-20244: Wow Forms WordPress Plugin 2.1 SQL Injection

Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.

Published Jun 9, 2026 · Updated Jun 9, 2026

Medium · CVSS 6.5

CVE-2017-6030: Schneider Electric Modicon PLCs Predictable Value Range from Previous Values

A predictable value range from previous values issue was discovered in Schneider Electric Modicon PLCs Modicon M221, firmware versions prior to Version 1.5.0.0, Modicon M241, firmware versions prior to Version 4.0.5.11, and Modicon M251, firmware versions prior to Version 4.0.5.11. The affected products generate insufficiently random TCP initial sequence numbers that may allow an attacker to predict the numbers from previous values. This may allow an attacker to spoof or disrupt TCP connections.

Published Jun 30, 2017 · Updated Jun 4, 2026

Critical · CVSS 9.8

CVE-2017-7898: An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Al...

An Improper Restriction of Excessive Authentication Attempts issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. There are no penalties for repeatedly entering incorrect passwords.

Published Jun 30, 2017 · Updated Jun 3, 2026

Critical · CVSS 9.8

CVE-2017-7903: A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 prog...

A Weak Password Requirements issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 programmable-logic controllers 1763-L16AWA, Series A and B, Version 16.00 and prior versions; 1763-L16BBB, Series A and B, Version 16.00 and prior versions; 1763-L16BWA, Series A and B, Version 16.00 and prior versions; and 1763-L16DWD, Series A and B, Version 16.00 and prior versions and Allen-Bradley MicroLogix 1400 programmable logic controllers 1766-L32AWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWA, Series A and B, Version 16.00 and prior versions; 1766-L32BWAA, Series A and B, Version 16.00 and prior versions; 1766-L32BXB, Series A and B, Version 16.00 and prior versions; 1766-L32BXBA, Series A and B, Version 16.00 and prior versions; and 1766-L32AWAA, Series A and B, Version 16.00 and prior versions. The affected products use a numeric password with a small maximum character size for the password.

Published Jun 30, 2017 · Updated Jun 3, 2026

Medium · CVSS 5.3

CVE-2017-9947: A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all...

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.

Published Oct 23, 2017 · Updated Jun 2, 2026

High · CVSS 8.6

CVE-2017-16715: An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort...

An Information Exposure issue was discovered in Moxa NPort 5110 Version 2.2, NPort 5110 Version 2.4, NPort 5110 Version 2.6, NPort 5110 Version 2.7, NPort 5130 Version 3.7 and prior, and NPort 5150 Version 3.7 and prior. An attacker may be able to exploit a flaw in the handling of Ethernet frame padding that may allow for information exposure.

Published Nov 16, 2017 · Updated Jun 2, 2026