Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4681 | 2 Michael Staatz, Typo3 | 2 Sofortueberweisung2commerce, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-0549 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2012-0973 | 1 Osclass | 1 Osclass | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-5894 | 1 Havalite | 1 Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
|
|||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
|
|||||
| CVE-2010-1529 | 2 Freestyle, Joomla | 2 Faqs Lite, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
|
|||||
| CVE-2010-0381 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2012-0805 | 1 Sqlalchemy | 1 Sqlalchemy | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.
|
|||||
| CVE-2010-2131 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
|
|||||
| CVE-2013-5697 | 2 Apache, Simone Tellini | 2 Http Server, Mod Accounting | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
|
|||||
| CVE-2010-1426 | 1 Modxcms | 1 Modxcms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
|
|||||
| CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
|
|||||
| CVE-2010-4859 | 1 Webasyst | 1 Shop-script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.
|
|||||
| CVE-2011-5183 | 1 Bioinformatics | 1 Ordersys | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
|
|||||
| CVE-2010-4632 | 1 Pilotcart | 1 Pilot Cart | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
|
|||||
| CVE-2010-2047 | 1 Joenasejes | 1 Je Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-2510 | 1 2daybiz | 1 Web Template Software | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.
|
|||||
| CVE-2010-1431 | 1 Cacti | 1 Cacti | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
|
|||||
| CVE-2010-1741 | 1 Billwerx | 1 Billwerx Rc | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.
|
|||||
| CVE-2011-1915 | 1 Infor | 2 Eclient, Enspire Distribution Management Solution | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4357 | 1 Boka | 1 Siteengine | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
|
|||||
| CVE-2010-1075 | 1 Entrylevelcms | 1 El Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.
|
|||||
| CVE-2008-7302 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."
|
|||||
| CVE-2010-2908 | 2 Joomdle, Joomla | 2 Com Joomdle, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
|
|||||
| CVE-2010-5041 | 2 John Bradshaw, Nucleuscms | 2 Np Gallery Plugin, Nucleus | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
|
|||||
| CVE-2010-4360 | 1 Jurpo | 1 Jurpopage | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2011-4734 | 3 Microsoft, Parallels, Redhat | 3 Windows, Parallels Plesk Panel, Enterprise Linux | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.
|
|||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.
|
|||||
| CVE-2010-1931 | 1 Cubecart | 1 Cubecart | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
|
|||||
| CVE-2012-1072 | 1 Typo3 | 2 Toi Category, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-5334 | 1 Preprojects | 1 Pre Printing Press | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2013-4720 | 2 Typo3, Webempoweredchurch | 2 Typo3, Wec Discussion | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-5015 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-3957 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-5230 | 1 Seotoaster | 1 Seotoaster | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.
|
|||||
| CVE-2013-2594 | 1 Hornbill | 1 Supportworks Itsm | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
|
|||||
| CVE-2010-3423 | 2 Drupal, Freka | 2 Drupal, Yr Verdata | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.
|
|||||
| CVE-2010-0375 | 1 Jce-tech | 1 Php Calendars Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-4269 | 1 O-dyn | 1 Collabtive | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
|
|||||