Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4872 | 1 Logoshows | 1 Logoshows Bbs | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
|
|||||
| CVE-2013-2627 | 1 Idleman | 1 Leed | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
|
|||||
| CVE-2010-1350 | 2 Joomla, Joomlaprojects | 2 Joomla\!, Com Jp Jobs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
|
|||||
| CVE-2010-0614 | 1 Myshell | 1 Evalsmsi | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
|
|||||
| CVE-2010-2915 | 1 Ajsquare | 1 Aj Hyip | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2013-5311 | 1 Vastal | 1 Phpvid | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
|
|||||
| CVE-2010-1010 | 2 Matthias Kall, Typo3 | 2 Mk Wastebasket, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4789 | 1 Cotonti | 1 Cotonti Siena | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
|
|||||
| CVE-2013-5121 | 1 Phpfox | 1 Phpfox | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
|
|||||
| CVE-2010-2926 | 1 Solucija | 1 Snews | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2010-4782 | 1 Softwebsnepal | 1 Ananda Real Estate | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
|
|||||
| CVE-2010-4887 | 2 Raphael Zschorsch, Typo3 | 2 Commentsbe, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4185 | 1 Energine | 1 Energine | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
|
|||||
| CVE-2010-4917 | 1 A-blog | 1 A-blog | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
|
|||||
| CVE-2013-6985 | 1 Enorth | 1 Webpublisher Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
|
|||||
| CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-0456 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.
|
|||||
| CVE-2010-5024 | 1 Cutesite | 1 Cutesite Cms | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-4957 | 2 Nadine Schwingler, Typo3 | 2 Ke Questionnaire, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-2910 | 2 Alexred, Joomla | 2 Com Oziogallery, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
|||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2025-04-11 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.
|
|||||
| CVE-2010-4814 | 1 Bestsoftinc | 1 Advance Hotel Booking System | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2010-5026 | 1 Sfiab | 1 Science Fair In A Box | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | 4.7 MEDIUM | N/A |
|
SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-3924 | 1 Aimluck | 1 Aipo | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-4055 | 1 Uiga | 1 Fan Club | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
|
|||||
| CVE-2013-0451 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-2461 | 1 Jce-tech | 1 Overstock Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.
|
|||||
| CVE-2010-3601 | 1 Invisionpower | 1 Ibphotohost | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
|
|||||
| CVE-2012-3395 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.
|
|||||
| CVE-2012-6519 | 1 Diy-cms | 1 Diy-cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
|
|||||
| CVE-2011-2546 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2025-04-11 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.
|
|||||
| CVE-2010-0673 | 2 Copperleaf, Wordpress | 2 Photolog, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.
|
|||||
| CVE-2012-6516 | 1 Shawn Bradley | 1 Php Ticket System | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHP Ticket System Beta 1 allows remote attackers to execute arbitrary SQL commands via the q parameter to index.php.
|
|||||
| CVE-2012-2115 | 1 Open-emr | 1 Openemr | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
|||||
| CVE-2010-4280 | 1 Artica | 1 Pandora Fms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php.
|
|||||
| CVE-2009-4701 | 2 Liviu Mitrofan, Typo3 | 2 Myth Download, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-1617 | 1 Symantec | 3 Web Gateway, Web Gateway Appliance 8450, Web Gateway Appliance 8490 | 2025-04-11 | 7.4 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4715 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
|
|||||