Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2010-4609 | 1 Html-edit | 1 Html-edit Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. |
| CVE-2012-5348 | 1 Wilson Steven | 1 Mangosweb Enhanced | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. |
| CVE-2010-1727 | 1 Aspsiteware | 1 Jobpost | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-4785 | 2 Bhavesh Chauhan, Joomla | 2 Com Quicknews, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php. |
| CVE-2009-5026 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2025-04-11 | 6.8 MEDIUM | N/A | The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments. |
| CVE-2013-1748 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. |
| CVE-2010-1368 | 1 Gamescript | 1 Gamescript | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action. |
| CVE-2011-1055 | 1 Lingxia273 | 1 Lingxia I.c.e Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. |
| CVE-2009-4718 | 1 Gonafish | 1 Webstatcaffe | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2011-1562 | 1 Ecava | 1 Integraxor | 2025-04-11 | 7.5 HIGH | N/A | Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. |
| CVE-2010-3479 | 1 Boutikone | 1 Boutikone | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2010-4915 | 1 Coldgen | 1 Coldbookmarks | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action. |
| CVE-2011-0448 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 7.5 HIGH | N/A | Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument. |
| CVE-2010-1338 | 2 Robertotto, Woltlab | 2 Teamsite Hack Plugin, Burning Board | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action. |
| CVE-2010-0344 | 1 Typo3 | 2 Typo3, Zak Store Management | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4955 | 2 Thomas Hempel, Typo3 | 2 Th Ultracards, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2011-2751 | 1 Parodia | 1 Parodia | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4990 | 2 B-elektro, Joomla | 2 Com Addressbook, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php. |
| CVE-2010-4935 | 1 Khader Abbeb | 1 Entrans | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| CVE-2010-2925 | 1 Openfreeway | 1 Freeway | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. |
| CVE-2010-4784 | 1 Phpwebscripts | 1 Easy Banner Free | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2010-0724 | 1 Mhd Zaher Ghaibeh | 1 Arab Cart | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4982 | 1 Irokez | 1 Irokez Cms | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI. |
| CVE-2013-7219 | 1 2glux | 1 Com Sexypolling | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter. |
| CVE-2010-2019 | 1 Bukulokomedia | 1 Lokomedia Cms | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-4961 | 2 Dev-team Typoheads, Typo3 | 2 Webkitpdf, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-0905 | 1 Dev!l's | 1 Dev!l'z Clanportal Gamebase Addon | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. |
| CVE-2013-4313 | 1 Moodle | 1 Moodle | 2025-04-11 | 7.5 HIGH | N/A | Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. |
| CVE-2012-3881 | 1 Adrian Chadd | 2 Rtg, Rtg2 | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. |
| CVE-2013-4953 | 1 Topgames | 1 Top Games Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. |
| CVE-2010-1701 | 1 Rocky.nu | 1 Php Video Battle Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2010-1713 | 1 Postnuke | 1 Postnuke | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action. |
| CVE-2009-4958 | 1 Emophp | 1 Emo Breeder Manager | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter. |
| CVE-2010-1559 | 2 Joomla, Martin Hess | 2 Joomla!, Com Sermonspeaker | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2014-1206 | 1 Openwebanalytics | 1 Open Web Analytics | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. |
| CVE-2011-4349 | 1 Freedesktop | 1 Colord | 2025-04-11 | 4.6 MEDIUM | N/A | Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. |
| CVE-2010-0973 | 1 Scripteverkauf | 1 Domain Verkaus And Auktions Portal | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4798 | 1 Diskos | 1 Diskos Cms | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature. |
| CVE-2010-4638 | 2 Iptechinside, Joomla | 2 Com Jquarks4s, Joomla! | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. |
| CVE-2011-4559 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. |