Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4921 | 1 E107 | 1 E107 | 2025-04-11 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2011-1060 | 1 Webmastersite | 1 Wsn Guest | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
|
|||||
| CVE-2011-5203 | 1 Akiva | 1 Webboard | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-7193 | 1 Etoshop | 1 C2c Forward Auction Creator | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.
|
|||||
| CVE-2011-4215 | 1 Oneorzero | 1 Aims | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
|
|||||
| CVE-2010-0974 | 1 Phpcityportal | 1 Phpcityportal | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.
|
|||||
| CVE-2010-4925 | 1 Nuked-klan | 2 Nuked-klan, Partenaires Module | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-1739 | 1 Joomla | 2 Com Newsfeeds, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
|
|||||
| CVE-2010-1493 | 2 Awdsolution, Joomla | 2 Com Awdwall, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
|
|||||
| CVE-2010-4903 | 1 Cubecart | 1 Cubecart | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.
|
|||||
| CVE-2011-4672 | 1 Valid | 1 Tiny-erp | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
|
|||||
| CVE-2014-1636 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.ph ...
Show More |
|||||
| CVE-2010-4955 | 1 Php-programs | 1 Apboard Developers Apboard | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
|
|||||
| CVE-2013-6058 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
|
|||||
| CVE-2012-4941 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-1663 | 2 Drupal, Icanlocalize | 2 Drupal, Translation Management | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1721 | 2 Joomla, Thethinkery | 2 Joomla\!, Com Iproperty | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
|
|||||
| CVE-2010-1468 | 2 Focusdev, Joomla | 2 Com Mv Restaurantmenumanager, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.
|
|||||
| CVE-2010-4147 | 1 Avactis | 1 Avactis Shopping Cart | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.
|
|||||
| CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-7096 | 1 Sap | 1 Emr Unwired | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1873 | 2 Joomla, Jvehicles | 2 Joomla\!, Com Jvehicles | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-1327 | 1 Tornadostore | 1 Tornadostore | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.
|
|||||
| CVE-2009-4796 | 1 Glfusion | 1 Glfusion | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
|
|||||
| CVE-2011-5103 | 1 Alurian | 1 Prismotube Video Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2010-5001 | 1 Esoftpro | 1 Online Contact Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-2847 | 2 Gonzalo Maser, Joomla | 2 Com Artforms, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
|
|||||
| CVE-2009-4712 | 1 Tukanas | 1 Easyclassifieds Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.
|
|||||
| CVE-2010-4615 | 1 Iskenderaltuntas | 1 Oto Galeri Sistemi | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.
|
|||||
| CVE-2013-4721 | 2 3ds, Typo3 | 2 Push2rss 3ds, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-6584 | 1 Myrephp | 1 Myre Realty Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
|
|||||
| CVE-2011-1480 | 1 Phpnuke | 1 Php-nuke | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.
|
|||||
| CVE-2010-4982 | 1 Mykazaam | 1 Address \& Contact Organizer | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.
|
|||||
| CVE-2012-0226 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-0728 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-5874 | 1 Elite-board | 1 Elite Bulletin Board | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
|
|||||
| CVE-2012-4414 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
|
|||||
| CVE-2010-4936 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Slideshow | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2013-6321 | 1 Ibm | 4 Atlas Ediscovery Process Management, Atlas Suite, Disposal And Governance Management For It and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, Disposal and Governance Management for IT 6.0.1.5 and earlier and 6.0.2, and Global Retention Policy and Schedule Management 6.0.1.5 and earlier and 6.0.2 in IBM Atlas Suite (aka Atlas Policy Suite) allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-0516 | 1 Epromptc | 1 Betmore Site Suite | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
|
|||||