Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7453 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection. | | | | | |
| CVE-2013-4058 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | | | | | |
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | | | | | |
| CVE-2014-2736 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | | | | | |
| CVE-2014-9254 | 1 Minibb | 1 Minibb | 2025-04-12 | 7.5 HIGH | N/A |
| bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php. | | | | | |
| CVE-2014-9235 | 1 Zoph | 1 Zoph | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/. | | | | | |
| CVE-2014-9175 | 1 Wpdatatables | 1 Wpdatatables | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | | | | | |
| CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | | | | | |
| CVE-2015-1518 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | | | | | |
| CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | | | | | |
| CVE-2016-1000113 | 1 Huge-it | 1 Gallery | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| XSS and SQLi in huge IT gallery v1.1.5 for Joomla | | | | | |
| CVE-2016-9272 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with the rerank array parameter, can lead to site database information disclosure and denial of service. | | | | | |
| CVE-2015-1372 | 1 Ferretcms Project | 1 Ferretcms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | | | | | |
| CVE-2014-3759 | 1 Karlen Walter | 1 Si Bibtex | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality. | | | | | |
| CVE-2014-5192 | 1 Sphider | 1 Sphider | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter. | | | | | |
| CVE-2015-2035 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | | | | | |
| CVE-2014-3997 | 1 Zohocorp | 2 Manageengine It360, Manageengine Password Manager Pro | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MetadataServlet servlet in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition 5 through 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to MetadataServlet.dat. | | | | | |
| CVE-2014-3757 | 1 Phpmanufaktur | 1 Kitform | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter. | | | | | |
| CVE-2014-9239 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | | | | | |
| CVE-2014-9450 | 1 Zabbix | 1 Zabbix | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | | | | | |
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | | | | | |
| CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | | | | | |
| CVE-2016-6419 | 1 Cisco | 1 Secure Firewall Management Center | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
| SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485. | | | | | |
| CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | | | | | |
| CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | | | | | |
| CVE-2014-5387 | 2 Ellislab, Expressionengine | 2 Expressionengine, Expressionengine | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | | | | | |
| CVE-2015-4066 | 1 Tri | 1 Gigpress | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php. | | | | | |
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | | | | | |
| CVE-2014-10004 | 1 Maianscriptworld | 1 Maian Uploader | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2016-4837 | 1 Ec-cube | 1 Discount Coupon | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | | | | | |
| CVE-2013-1803 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) ... | | | | | |
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | | | | | |
| CVE-2014-5109 | 1 Netfortris | 1 Trixbox | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. | | | | | |
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | | | | | |
| CVE-2015-3325 | 1 Wpsymposium | 1 Wp Symposium | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. | | | | | |
| CVE-2016-8908 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Site Browser > HTML pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | | | | | |
| CVE-2015-6486 | 1 Rockwellautomation | 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | | | | | |
| CVE-2014-9440 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. | | | | | |
| CVE-2016-5048 | 1 Readydesk | 1 Readydesk | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to execute arbitrary SQL commands via the user name field. | | | | | |
| CVE-2014-2238 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | | | | | |