Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1000124 | 1 Huge-it | 1 Portfolio Gallery | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
|
|||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash.
|
|||||
| CVE-2014-9173 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
|
|||||
| CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2025-04-12 | 7.5 HIGH | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
|
|||||
| CVE-2014-5440 | 1 Mpexsolutions | 1 Mx-smartimer | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
|
|||||
| CVE-2014-10020 | 1 Tecorange | 1 Simple E-document | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2015-4233 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037.
|
|||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
XSS & SQLi in HugeIT slideshow v1.0.4
|
|||||
| CVE-2014-1651 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 5.8 MEDIUM | N/A |
|
SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-3978 | 1 Tomatocart | 1 Tomatocart | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
|
|||||
| CVE-2014-3749 | 1 Construtiva | 1 Cis Manager Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.
|
|||||
| CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter.
|
|||||
| CVE-2014-4858 | 1 Sabreairlinesolutions | 5 Crew Management, Crew Operations, Crew Planning and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
|
|||||
| CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
|
|||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter.
|
|||||
| CVE-2014-5186 | 1 All Video Gallery Plugin Project | 1 All-video-gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
|
|||||
| CVE-2014-1597 | 1 I-doit | 1 I-doit | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
|
|||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
|
|||||
| CVE-2014-5503 | 1 Cyberoam | 1 Cyberoam Os | 2025-04-12 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
|
|||||
| CVE-2016-8564 | 1 Siemens | 1 Automation License Manager | 2025-04-12 | 6.4 MEDIUM | 6.5 MEDIUM |
|
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
|
|||||
| CVE-2014-100019 | 1 Pomm-project | 1 Pomm | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-1455 | 1 Pearson | 1 Esis Enterprise Student Information System | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password.
|
|||||
| CVE-2013-3961 | 1 Abeel | 1 Simple Php Agenda | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
|
|||||
| CVE-2012-5244 | 1 Bananadance | 1 Banana Dance | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
|
|||||
| CVE-2014-3483 | 1 Rubyonrails | 1 Rails | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.
|
|||||
| CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.
|
|||||
| CVE-2014-2654 | 1 Mobfox | 1 Madserve | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adunits.php, or (3) edit_campaign.php in www/cp/.
|
|||||
| CVE-2016-1000118 | 1 Huge-it | 1 Slideshow | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
|
XSS & SQLi in HugeIT slideshow v1.0.4
|
|||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
|
|||||
| CVE-2016-1154 | 1 Cuore | 1 Ec-cube Help Plugin | 2025-04-12 | 7.5 HIGH | 9.1 CRITICAL |
|
SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in Cuore EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-2065 | 1 Apptha | 1 Wordpress Video Gallery | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
|
|||||
| CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
|
|||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 6.5 MEDIUM |
|
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
|
|||||
| CVE-2015-1467 | 1 Fork-cms | 1 Fork Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
|
|||||
| CVE-2014-3934 | 1 Phpnuke | 2 Php-nuke, Submit News Module | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
|
|||||
| CVE-2015-1405 | 1 Content Rating Extbase Project | 1 Content Rating Extbase | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
|
|||||
| CVE-2014-3138 | 1 Xerox | 1 Docushare | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2016-8903 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
SQL injection vulnerability in the "Site Browser > Templates pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter.
|
|||||