Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4348 | 1 Spider Contacts Project | 1 Spider Contacts | 2025-04-12 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-3872 | 1 Dlink | 2 Dap-1350, Dap-1350 Firmware | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
|
|||||
| CVE-2016-6619 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
|
|||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
|
|||||
| CVE-2016-1000119 | 1 Huge-it | 1 Catalog | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
|
|||||
| CVE-2015-2843 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
|
|||||
| CVE-2015-4678 | 1 Persian Car Cms Project | 1 Persian Car Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
|
|||||
| CVE-2015-2070 | 1 Etouch | 1 Samepage | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
|
|||||
| CVE-2012-5648 | 1 Theforeman | 1 Foreman | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.
|
|||||
| CVE-2014-5249 | 1 Biblio Autocomplete Project | 1 Biblio Autocomplete | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-6829 | 1 Ciphercoin | 1 Wp Limit Login Attempts | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
|
|||||
| CVE-2014-5458 | 1 Php-sqrl Project | 1 Php-sqrl | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
|
|||||
| CVE-2014-8498 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
|
|||||
| CVE-2015-2237 | 1 Betster Project | 1 Betster | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
|
|||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields.
|
|||||
| CVE-2016-6652 | 1 Pivotal Software | 1 Spring Data Jpa | 2025-04-12 | 6.8 MEDIUM | 5.6 MEDIUM |
|
SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.
|
|||||
| CVE-2014-8682 | 1 Gogits | 1 Gogs | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
|
|||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
|
|||||
| CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
|
|||||
| CVE-2014-5275 | 1 Prochatrooms | 1 Text Chat Rooms | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
|
|||||
| CVE-2015-2563 | 1 Vastal | 1 Phpvid | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
|
|||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
|
|||||
| CVE-2015-2183 | 1 Zeuscart | 1 Zeuscart | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/.
|
|||||
| CVE-2012-2956 | 1 Spiceworks | 1 Spiceworks | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.
|
|||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-5668 | 1 Techno Project Japan | 1 Enisys Gw | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-10013 | 1 Strategy11 | 1 Awp Classifieds | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
|
|||||
| CVE-2014-9237 | 1 Proticaret | 1 Proticaret | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
|
|||||
| CVE-2015-6433 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767.
|
|||||
| CVE-2015-0580 | 1 Cisco | 1 Secure Access Control System | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
|
|||||
| CVE-2012-3820 | 1 Arialsoftware | 1 Campaign Enterprise | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.
|
|||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
|
|||||
| CVE-2015-1423 | 1 Jakweb | 1 Gecko Cms | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
|
|||||
| CVE-2013-6311 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
|
|||||
| CVE-2012-1506 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
|||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2015-1450 | 1 Restaurantbiller | 1 Restaurant Biller | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
|
|||||