Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3810 | 1 Boonex | 1 Dolphin | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in administration/profiles.php in BoonEx Dolphin 7.1.4 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the members[] parameter. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-4333.
|
|||||
| CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-10034 | 1 Couponphp | 1 Couponphp | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
|
|||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
|
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
|
|||||
| CVE-2015-5023 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | 6.5 MEDIUM | 5.4 MEDIUM |
|
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-7814 | 1 Redhat | 1 Cloudforms 3.1 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter.
|
|||||
| CVE-2015-2803 | 1 Akronymmanager Project | 1 Akronymmanager | 2025-04-12 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
|
|||||
| CVE-2015-0161 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-1576 | 1 Yuba | 1 U5cms | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
|
|||||
| CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
|
|||||
| CVE-2013-7375 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
|
|||||
| CVE-2014-3326 | 1 Cisco | 1 Security Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
|
|||||
| CVE-2015-2972 | 1 Sysphonic | 1 Thetis | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-2102 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
|
|||||
| CVE-2015-7448 | 1 Ibm | 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more | 2025-04-12 | 6.5 MEDIUM | 5.4 MEDIUM |
|
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
|
|||||
| CVE-2015-8157 | 1 Broadcom | 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticat ...
Show More |
|||||
| CVE-2015-2292 | 1 Yoast | 1 Wordpress Seo | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
|
|||||
| CVE-2014-10029 | 1 Fluxbb | 1 Fluxbb | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
|
|||||
| CVE-2014-2587 | 1 Mcafee | 1 Asset Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
|
|||||
| CVE-2012-6654 | 1 Zpanelcp | 1 Zpanel | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685.
|
|||||
| CVE-2013-3727 | 1 Kasseler-cms | 1 Kasseler-cms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
|
|||||
| CVE-2015-2824 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sa ...
Show More |
|||||
| CVE-2014-6293 | 1 Kennziffer | 1 Statistics | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
|
|||||
| CVE-2015-5641 | 1 Basercms | 1 Basercms | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
|
|||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
|
|||||
| CVE-2014-4741 | 1 Artifectx | 1 Xclassified | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in demo/ads.php in Artifectx xClassified 1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2014-9457 | 1 Pmb Services | 1 Pmb | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
|
|||||
| CVE-2014-4736 | 1 Blogengine | 1 E2 | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in E2 before 2.4 (2845) allows remote attackers to execute arbitrary SQL commands via the note-id parameter to @actions/comment-process.
|
|||||
| CVE-2014-7981 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
|
|||||
| CVE-2014-6242 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
|
|||||
| CVE-2015-1310 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
|
|||||
| CVE-2014-6239 | 1 Address Visualization With Google Maps Project | 1 Address Visualization With Google Maps | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-2949 | 1 F5 | 1 Arx Data Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-7864 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
|
|||||