Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-2086 | 1 Gajim | 1 Gajim | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter.
| CVE-2008-7267 | 1 Boka | 1 Siteengine | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2009-4795 | 1 Xlightftpd | 1 Xlight Ftp Server | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
| CVE-2009-4617 | 1 Tourismscripts | 1 Tourism Script Accomodation Hotel Booking Portal Script | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
| CVE-2010-3428 | 1 Intermesh | 1 Group-office | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
| CVE-2010-5049 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
| CVE-2013-6176 | 1 Emc | 1 Document Sciences Xpression | 2025-04-11 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute arbitrary SQL commands via unspecified input to a (1) xAdmin or (2) xDashboard form.
| CVE-2013-5917 | 2 Rodrigo Coimbra, Wordpress | 2 Nospam Pti, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
| CVE-2010-0802 | 2 Aleinbeen, Invision Power Services | 2 (nv2) Awards, Invision Power Board | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
| CVE-2012-5310 | 2 Getshopped, Wordpress | 2 Wp E-commerce, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2010-5029 | 1 Codefabrik | 1 Ecomat Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
| CVE-2010-1863 | 1 Clantiger | 1 Clantiger | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter.
| CVE-2011-1610 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064.
| CVE-2010-5037 | 1 Michau Enterprises | 1 Sensesites Commonsense Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
| CVE-2010-0762 | 1 Commodityrentals | 1 Cd Rental Software | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
| CVE-2010-0951 | 1 Dev4u | 1 Dev4u Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
| CVE-2011-1653 | 1 Broadcom | 1 Total Defense | 2025-04-11 | 10.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
| CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2010-4944 | 2 Joomla, Mambo-foundation | 3 Com Elite Experts, Joomla!, Mambo | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
| CVE-2009-4735 | 1 Allomani | 1 Audio & Video Library | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2025-04-11 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
| CVE-2010-3922 | 1 Sixapart | 1 Movabletype | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2010-2359 | 1 Activewebsoftwares | 1 Ewebquiz | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
| CVE-2010-5034 | 1 Iscripts | 1 Easybiller | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
| CVE-2010-4829 | 1 T-dreams | 1 Cars Ads Package | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
| CVE-2012-6039 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
| CVE-2010-3481 | 1 Apphp | 1 Php Microcms | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable.
| CVE-2011-1061 | 1 Webmastersite | 1 Wsn Guest | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.
| CVE-2013-7139 | 1 Cynthia Fridsma | 1 Horizon Quick Content Management System | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
| CVE-2010-2683 | 1 Customerparadigm | 1 Pagedirector Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.
| CVE-2011-0511 | 2 Joomla, Joomtraders | 2 Joomla!, Com Allcinevid | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
| CVE-2010-0672 | 1 Webmastersite | 1 Wsn Guest | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.
| CVE-2010-1094 | 1 Miethner-scripting | 1 Dz Erotik Auktionshaus V4rgo | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2010-4898 | 2 Gantry-framework, Joomla | 2 Com Gantry, Joomla! | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
| CVE-2009-4615 | 1 Myrephp | 1 Myre Holiday Rental Manager | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
| CVE-2010-1588 | 1 Vpasp | 1 Vp-asp Shopping Cart | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.
| CVE-2010-0632 | 2 Joomla, Parkviewconsultants | 2 Joomla!, Com Simplefaq | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.
| CVE-2009-4711 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
| CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla!, Com Socialads | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.
| CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.