Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4066 | 1 Sir | 1 Gnuboard | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
|
|||||
| CVE-2012-1063 | 1 Manageengine | 1 Applications Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
|
|||||
| CVE-2010-1702 | 1 Whmcs | 1 Whmcs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
|
|||||
| CVE-2013-4948 | 1 Machform | 1 Machform | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
|
|||||
| CVE-2009-4702 | 2 Markus Barchfeld, Typo3 | 2 Pm Tour, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4702 | 2 Fxwebdesign, Joomla | 2 Com Jradio, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-5234 | 1 Scripte24shop | 1 Social Network Community | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter.
|
|||||
| CVE-2010-1477 | 2 Joomla, Martin Hess | 2 Joomla\!, Com Sermonspeaker | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
|
|||||
| CVE-2010-5033 | 1 Fusebox | 1 Fusebox | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
|
|||||
| CVE-2010-4911 | 1 Sellatsite | 1 Php Classifieds Ads | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter.
|
|||||
| CVE-2010-1605 | 1 Ncrypted | 1 Nct Jobs Portal Script | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-4703 | 1 Hotwebscripts | 1 Hotweb Rentals | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-5102 | 1 Atcom | 1 Netvolution | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
|
|||||
| CVE-2013-7242 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
|
|||||
| CVE-2009-4624 | 1 Nicecoder | 1 Idesk | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
|
|||||
| CVE-2010-1269 | 1 Phpscripte24 | 1 Niedrig Gebote Pro Auktions System Ii | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
|
|||||
| CVE-2010-4993 | 2 Joomla, Kay Messerschmidt | 2 Joomla\!, Com Eventcal | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
|||||
| CVE-2010-3207 | 1 Galeriashqip | 1 Galeriashqip | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-1925 | 1 Rifat Kurban | 1 Tekno.portal | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.
|
|||||
| CVE-2012-4772 | 1 Intelliants | 1 Subrion Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
|
|||||
| CVE-2012-2962 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
|
|||||
| CVE-2010-5017 | 1 Eliteladders | 1 Elite Gaming Ladders | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
|
|||||
| CVE-2010-5020 | 1 Netartmedia | 1 Iboutique | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2010-4400 | 1 Dynpg | 1 Dynpg | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
|
|||||
| CVE-2013-5589 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-4992 | 1 Script-shop24 | 1 Lm Starmail Paidmail | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2012-0069 | 1 Batavi | 1 Batavi | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
|
|||||
| CVE-2009-4749 | 1 Phplivesupport | 1 Php Live\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
|
|||||
| CVE-2010-1344 | 2 Cookex, Joomla | 2 Com Ckforms, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.
|
|||||
| CVE-2011-5212 | 1 Intelliants | 1 Subrion Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field.
|
|||||
| CVE-2010-4996 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2011-2149 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx.
|
|||||
| CVE-2010-0690 | 1 Commodityrentals | 1 Video Games Rentals | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
|
|||||
| CVE-2012-5098 | 1 J Waite | 1 Php-x-links | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
|
|||||
| CVE-2009-4883 | 1 Todd Rogers | 1 Phprecipebook | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
|
|||||
| CVE-2013-1163 | 1 Cisco | 1 Connected Grid Network Management System | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746.
|
|||||
| CVE-2012-6529 | 1 Marinet | 1 Marinet Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php.
|
|||||
| CVE-2011-5116 | 1 Setseed | 1 Setseed Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.
|
|||||
| CVE-2013-5302 | 2 Kennziffer, Typo3 | 2 Ke Search, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-4996 | 1 Rivetcode | 1 Rivettracker | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
|
|||||