Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1331 | 1 Heartlogic | 1 Hl-sitemanager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2012-1673 | 1 Ola Lasisi | 1 E-ticketing | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2010-4639 | 1 Intendance | 1 Mysource Matrix | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2013-3525 | 1 Bestpractical | 1 Request Tracker | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims."
|
|||||
| CVE-2009-4710 | 2 Robert Heel, Typo3 | 2 Cwt Resetbepassword, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-4571 | 2 Eaimproved, Joomla | 2 Com Estateagent, Joomla! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
|
|||||
| CVE-2010-1270 | 1 Phpscripte24 | 1 Multi Suktions Komplett System | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
|
|||||
| CVE-2013-3602 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter.
|
|||||
| CVE-2010-4721 | 1 Mhproducts | 1 Immo Makler | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2013-7094 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-6588 | 1 Myrephp | 1 Myre Business Directory | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2011-5110 | 1 John Geo | 1 Blogs Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.
|
|||||
| CVE-2012-6497 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
|
|||||
| CVE-2012-2961 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-2688 | 3 Apache, Debian, Mod Authnz External Project | 3 Http Server, Debian Linux, Mod Authnz External | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.
|
|||||
| CVE-2013-5723 | 1 Sap | 1 Netweaver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "ABAD0_DELETE_DERIVATION_TABLE."
|
|||||
| CVE-2010-1089 | 1 Phptroubleticket | 1 Php Trouble Ticket | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2012-5550 | 2 Carlos Carvalhar, Drupal | 2 Time Spent, Drupal | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-2574 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.
|
|||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL.
|
|||||
| CVE-2010-1604 | 1 Ncrypted | 1 Nct Jobs Portal Script | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-2678 | 2 Guillermo Vargas, Joomla | 2 Com Xmap, Joomla! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
|||||
| CVE-2011-5072 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or ( ...
|
|||||
| CVE-2010-2254 | 2 Joomla, Shape5 | 2 Joomla!, Bridge Of Hope Template | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
|
|||||
| CVE-2010-4636 | 1 Site2nite | 1 Business E-listings | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2014-1466 | 1 Csp Mysql User Manager Project | 1 Csp Mysql User Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page.
|
|||||
| CVE-2011-4949 | 1 Egroupware | 2 Egroupware, Egroupware Enterprise Line | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2012-3000 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.
|
|||||
| CVE-2012-6586 | 1 Myrephp | 1 Myre Vacation Rental | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
|
|||||
| CVE-2011-0512 | 2 Jikaka, Php-fusion | 2 Teams Structure Module, Php-fusion | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
|
|||||
| CVE-2010-0343 | 1 Typo3 | 2 Pb Clanlist, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4461 | 1 Redhat | 1 Enterprise Mrg | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."
|
|||||
| CVE-2010-0701 | 1 Newgensoft | 1 Omnidocs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-4015 | 1 Debian | 1 Lintian | 2025-04-11 | 7.5 HIGH | N/A |
|
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.
|
|||||
| CVE-2011-5039 | 1 Infoproject | 1 Biznis Heroj | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
|
|||||
| CVE-2011-5091 | 1 Grboard | 1 Grboard | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php.
|
|||||
| CVE-2010-4972 | 1 Ypninc | 1 Jokescript | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
|
|||||
| CVE-2012-2338 | 1 Johan Cwiklinski | 1 Galette | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
|
|||||
| CVE-2013-3533 | 1 Virtualaccess | 1 Virtual Access Monitor | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4700 | 1 Php | 1 Php | 2025-04-11 | 6.8 MEDIUM | N/A |
|
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
|
|||||