Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3834 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
|
|||||
| CVE-2011-4829 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
|
|||||
| CVE-2013-3033 | 1 Ibm | 1 Tivoli Remote Control | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the server component in IBM Tivoli Remote Control 5.1.2 before 5.1.2-TIV-TRC512-IF0015 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4635 | 1 Site2nite | 1 Vacation Rental Listings | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2010-4980 | 1 Iscripts | 1 Reservelogic | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2013-6931 | 1 Cybozu | 1 Garoon | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
|
|||||
| CVE-2012-2762 | 1 S9y | 1 Serendipity | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
|
|||||
| CVE-2010-5015 | 1 2daybiz | 1 Network Community Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
|
|||||
| CVE-2010-3485 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2012-4282 | 1 Toocharger | 1 Trombinoscope | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-4362 | 1 Micronetsoft | 1 Rv Dealer Website | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
|
|||||
| CVE-2013-3530 | 2 Fabricio Zuardi, Wordpress | 2 Xspf Player Plugin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
|
|||||
| CVE-2010-4166 | 1 Joomla | 1 Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
|
|||||
| CVE-2011-1342 | 1 Aimluck | 2 Aipo, Aipo-asp | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4834 | 1 Oneorzero | 1 Aims | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-0955 | 1 Media-products | 1 Bild Flirt Community | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-1949 | 2 Emultisoft, Joomla | 2 Com Jnewspaper, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-4969 | 1 Brotherscripts | 1 Business Directory | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-0338 | 1 Typo3 | 2 Ttpedit, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0372 | 2 Hong Chuyen, Joomla | 2 Com Articlemanager, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.
|
|||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.
|
|||||
| CVE-2010-5019 | 1 2daybiz | 1 Online Classified Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
|
|||||
| CVE-2012-2325 | 1 Mybb | 1 Mybb | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-4745 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1463 | 1 Webasyst Llc | 1 Shop-script | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.
|
|||||
| CVE-2010-4891 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4517 | 2 Harmistechnology, Joomla | 2 Com Jeauto, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.
|
|||||
| CVE-2012-5312 | 1 Tribiq | 1 Tribiq Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2010-2673 | 1 Devana | 1 Devana | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2012-5294 | 1 Mystorexpress | 1 Tienda Virtual | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-1370 | 1 Preprojects | 1 Pre Classified Listings Asp | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
|
|||||
| CVE-2012-5291 | 1 Possesports | 1 Posse Softball Director Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
|
|||||
| CVE-2010-2512 | 1 2daybiz | 1 Matrimonial Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-1051 | 1 Alexandre Dubus | 1 Audistat | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-0964 | 1 Media-products | 1 Eros Webkatalog | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.
|
|||||
| CVE-2010-2436 | 1 Anecms | 1 Anecms Blog | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
|
|||||
| CVE-2009-4860 | 1 Demarque | 1 Typing Pal | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.
|
|||||
| CVE-2012-0994 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
|
|||||
| CVE-2009-4805 | 1 Will Kraft | 1 Ez-blog | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
|
|||||
| CVE-2010-4899 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||