Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2016-8904 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerability in the "Site Browser > Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
| CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. |
| CVE-2014-6295 | 1 Wec Map Project | 1 Wec Map | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. |
| CVE-2014-8995 | 1 Maarch | 1 Letterbox | 2025-04-12 | 5.0 MEDIUM | N/A | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. |
| CVE-2014-2303 | 1 Webedition | 1 Webedition Cms | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. |
| CVE-2015-4018 | 1 Feedwordpress Project | 1 Feedwordpress | 2025-04-12 | 6.5 MEDIUM | N/A | SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php. |
| CVE-2011-4970 | 1 Disk Pool Manager Project | 1 Disk Pool Manager | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dpm_get_pending_req_by_token, (2) dpm_get_cpr_by_fullid, (3) dpm_get_cpr_by_surl, (4) dpm_get_cpr_by_surls, (5) dpm_get_gfr_by_fullid, (6) dpm_get_gfr_by_surl, (7) dpm_get_pfr_by_fullid, (8) dpm_get_pfr_by_surl, (9) dpm_get_req_by_token, (10) dpm_insert_cpr_entry, (11) dpm_insert_gfr_entry, (12) dpm_in ... |
| CVE-2014-3828 | 1 Merethis | 2 Centreon, Centreon Enterprise Server | 2025-04-12 | 10.0 HIGH | N/A | Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allow remote attackers to execute arbitrary SQL commands via (1) the index_id parameter to views/graphs/common/makeXML_ListMetrics.php, (2) the sid parameter to views/graphs/GetXmlTree.php, (3) the session_id parameter to views/graphs/graphStatus/displayServiceStatus.php, (4) the mnftr_id parameter to configuration/configObject/traps/GetXMLTrapsForVendor.php, or (5) the index ... |
| CVE-2015-1403 | 1 Content Rating Project | 1 Content Rating | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-5599 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. |
| CVE-2015-3345 | 1 Phplist Integration Project | 1 Phplist Integration | 2025-04-12 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database." |
| CVE-2015-2090 | 1 Sympies | 1 Wordpress Survey And Poll | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. |
| CVE-2015-1560 | 1 Centreon | 1 Centreon | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. |
| CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. |
| CVE-2015-7999 | 1 Citrix | 1 Command Center | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH | Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-4644 | 1 Cacti | 1 Superlinks | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | 6.5 MEDIUM | 7.1 HIGH | SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. |
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2025-04-12 | 5.5 MEDIUM | 6.4 MEDIUM | SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM | Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. |
| CVE-2014-9566 | 1 Solarwinds | 8 Orion Ip Address Manager, Orion Netflow Traffic Analyzer, Orion Network Configuration Manager and 5 more | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 11.5, NetFlow Traffic Analyzer (NTA) before 4.1, Network Configuration Manager (NCM) before 7.3.2, IP Address Manager (IPAM) before 4.3, User Device Tracker (UDT) before 3.2, VoIP & Network Quality Manager (VNQM) before 4.2, Server & Application Manager (SAM) before 6.2, Web Performance Monitor (WPM) ... |
| CVE-2015-5148 | 1 Livelycart | 1 Livelycart | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search. |
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thre ... |
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. |
| CVE-2015-1875 | 1 Palosanto | 1 Elastix | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. |
| CVE-2015-7857 | 1 Joomla | 1 Joomla! | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php. |
| CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. |
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. |
| CVE-2011-5308 | 1 Cdnvote Project | 1 Cdnvote | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. |
| CVE-2015-6911 | 1 Synology | 1 Video Station | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. |
| CVE-2015-6943 | 1 S9y | 1 Serendipity | 2025-04-12 | 6.0 MEDIUM | N/A | SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. |
| CVE-2016-9864 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH | An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4 ... |
| CVE-2016-4522 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL | SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2025-04-12 | 7.8 HIGH | N/A | The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. |
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. |
| CVE-2014-5521 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | 6.5 MEDIUM | N/A | plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. |
| CVE-2015-5452 | 1 Watchguard | 1 Xcs | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost/imp/compose.php3. |
| CVE-2014-3210 | 2 Dotonpaper, Wordpress | 2 Booking System, Wordpress | 2025-04-12 | 6.5 MEDIUM | N/A | SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php. |
| CVE-2012-5853 | 1 Vinojcardoza | 1 Ajax Post Search | 2025-04-12 | 7.5 HIGH | N/A | SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. |
| CVE-2014-8294 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2025-04-12 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password. |