Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9215 | 1 Pbboard | 1 Pbboard | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
|
|||||
| CVE-2015-4137 | 1 Milw0rm Project | 1 Milw0rm Clone Script | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
|
|||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.
|
|||||
| CVE-2012-5849 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to ...
Show More |
|||||
| CVE-2015-0699 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563.
|
|||||
| CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-2849 | 1 Antlabs | 6 Inngate Ig 3.01 E, Inngate Ig 3.10 E, Inngate Ig 3.10 M and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.
|
|||||
| CVE-2015-1364 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
|
|||||
| CVE-2015-1392 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
|
|||||
| CVE-2015-1471 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
|
|||||
| CVE-2016-6195 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in forumrunner/includes/moderation.php in vBulletin before 4.2.2 Patch Level 5 and 4.2.3 before Patch Level 1 allows remote attackers to execute arbitrary SQL commands via the postids parameter to forumrunner/request.php, as exploited in the wild in July 2016.
|
|||||
| CVE-2015-1013 | 1 Osisoft | 2 Pi Server, Pi Sql For Af | 2025-04-12 | 6.5 MEDIUM | N/A |
|
OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements.
|
|||||
| CVE-2016-10096 | 1 Genixcms | 1 Genixcms | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
|
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
|
|||||
| CVE-2015-2956 | 1 Igreks | 3 Milkystep Light, Milkystep Professional, Milkystep Professional Oem | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Zotpress plugin for WordPress SQLi in zp_get_account()
|
|||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
|
|||||
| CVE-2014-8366 | 1 Os4ed | 1 Opensis | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.
|
|||||
| CVE-2014-6233 | 1 Flat Manager Project | 1 Flat Manager | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2015-5308 | 1 Wp-championship Project | 1 Wp-championship | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
|
|||||
| CVE-2014-9445 | 1 Installatron | 1 Gatequest File Manager | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
|
|||||
| CVE-2014-7176 | 1 Enalean | 1 Tuleap | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
|
|||||
| CVE-2014-4960 | 1 Joomlaboat | 1 Com Youtubegallery | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
|
|||||
| CVE-2016-3072 | 2 Katello, Redhat | 3 Katello, Enterprise Linux, Satellite | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
|
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
|
|||||
| CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2016-7405 | 3 Adodb Project, Fedoraproject, Php | 3 Adodb, Fedora, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
|
|||||
| CVE-2014-7959 | 1 Ait-pro | 1 Bulletproof Security | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
|
|||||
| CVE-2014-3857 | 1 Kerio | 1 Control | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
|
|||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
|
|||||
| CVE-2015-4634 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
|
|||||
| CVE-2015-6910 | 1 Synology | 1 Video Station | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
|
|||||
| CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
|
|||||
| CVE-2015-6962 | 1 Teiko | 1 Farol | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
|
|||||
| CVE-2015-1434 | 1 Mylittleforum | 1 My Little Forum | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
|
|||||
| CVE-2014-4873 | 1 Bmc | 1 Track-it\! | 2025-04-12 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
|
|||||
| CVE-2015-7319 | 1 Codepeople | 1 Appointment Booking Calendar | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to updating the username.
|
|||||
| CVE-2015-1442 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
|
|||||