Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2010-2459 | 1 2daybiz | 1 Video Community Portal Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. |
| CVE-2010-1012 | 2 Mathias Schreiber, Typo3 | 2 Nf Cleandb, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-5003 | 1 E-soft24 | 1 Banner Exchange Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
| CVE-2014-0080 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
| CVE-2012-4927 | 1 Limesurvey | 1 Limesurvey | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php. |
| CVE-2009-4865 | 1 I-escorts | 2 I-escorts Agency Script, I-escorts Directory Script | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2010-0635 | 2 Jevents, Joomla | 2 Jevents Search Plugin, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. |
| CVE-2011-4826 | 1 Autosectools | 1 V-cms | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2922 | 1 Ali Kenan | 1 Aky Blog | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-4753 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. |
| CVE-2010-2508 | 1 2daybiz | 1 Video Community Portal Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. |
| CVE-2011-0960 | 1 Cisco | 1 Unified Operations Manager | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716. |
| CVE-2010-1865 | 1 Csphere | 1 Clansphere | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php). |
| CVE-2010-4842 | 1 Mhproducts | 1 Download Center | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2714 | 1 Tcwonline | 1 Tcw Php Album | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter. |
| CVE-2012-2324 | 1 Mybb | 1 Mybb | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). |
| CVE-2011-1064 | 1 Qibosoft | 1 Qi Bo Cms | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. |
| CVE-2010-2674 | 1 Alanzard | 1 Tsoka\ | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action. |
| CVE-2010-2696 | 1 Sijio | 1 Community Software | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. |
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. |
| CVE-2010-4298 | 1 Dustincowell | 1 Free Simple Software | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php. |
| CVE-2010-2335 | 1 Yamamah | 1 Yamamah | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter. |
| CVE-2012-4951 | 1 Verifone | 1 Vericentre Web Console | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. |
| CVE-2010-4926 | 2 Joomla, Timetrack | 2 Joomla!, Com Timetrack | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php. |
| CVE-2012-4237 | 1 Tecnick | 1 Tcexam | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. |
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla!, Com Hmcommunity | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. |
| CVE-2010-4830 | 1 T-dreams | 1 Job Career Package | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. |
| CVE-2011-3988 | 1 Lockon | 1 Ec-cube | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-2007 | 1 Hp | 1 Performance Insight | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1778 | 1 Createvision | 1 Createvision Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-0434 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php. |
| CVE-2010-5053 | 2 Joomla, Php-shop-system | 2 Joomla!, Com Xobbix | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php. |
| CVE-2010-1343 | 1 Bjsintay | 1 Sitex | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter. |
| CVE-2010-2855 | 1 Jared Meeker | 1 Event Horizon | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2010-0954 | 1 Preprojects | 1 Pre E-learning Portal | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. |
| CVE-2009-4940 | 1 Zeuscart | 1 Zeuscart | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. |
| CVE-2010-4861 | 1 Webspell | 1 Webspell | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| CVE-2010-2133 | 1 Mylittleforum | 1 My Little Forum | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. |
| CVE-2010-1705 | 1 Rocky.nu | 1 Modelbook | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter. |
| CVE-2010-2095 | 1 Cmsqlite | 1 Cmsqlite | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. |