Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2013-4017 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1924 | 1 Phpscripte24 | 1 Live Shopping Multi Portal System | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter. |
| CVE-2011-5259 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-4803 | 2 Bravenewcode, Wordpress | 2 Wptouch, Wordpress | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4892 | 1 Webjump | 1 Webjump! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php. |
| CVE-2010-2670 | 1 Brotherscripts | 1 Recipe Website | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-2694 | 2 Joomla, Redcomponent | 2 Joomla!, Com Redshop | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php. |
| CVE-2010-1365 | 1 Uiga | 1 Fan Club | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. |
| CVE-2010-5004 | 1 2daybiz | 1 Polls Script | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2012-2171 | 1 Ibm | 18 Ds4100, Ds4200, Ds4300 and 15 more | 2025-04-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. |
| CVE-2012-1777 | 1 F5 | 1 Firepass | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter. |
| CVE-2012-4971 | 1 Layton Technology | 1 Helpbox | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserl ... |
| CVE-2010-1277 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php. |
| CVE-2012-2109 | 2 Buddypress, Wordpress | 2 Buddypress, Wordpress | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action. |
| CVE-2010-0122 | 1 Timeclock-software | 1 Employee Timeclock Software | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php. |
| CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla!, Kunena | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-1366 | 1 Uiga | 1 Fan Club | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters. |
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. |
| CVE-2013-6873 | 1 Testa | 1 Online Test Management System | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. |
| CVE-2011-0510 | 1 Awbs | 1 Advanced Webhost Billing System | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. |
| CVE-2011-5022 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. |
| CVE-2010-5055 | 1 Almnzm | 1 Almnzm | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-3350 | 1 Valarsoft | 1 Webmatic | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. |
| CVE-2012-0337 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. |
| CVE-2013-5012 | 1 Symantec | 1 Web Gateway | 2025-04-11 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0608 | 1 Novaboard | 1 Novaboard | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action. |
| CVE-2010-5287 | 1 Cstech | 1 Webconductor | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-0337 | 1 Typo3 | 2 Dl3 Tt News Alerts, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4619 | 1 Webscripti | 1 Mafya Oyun Scrpti | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. |
| CVE-2010-4496 | 1 Tibco | 2 Activecatalog, Collaborative Information Manager | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0722 | 1 Mhproducts | 1 Php Auktion Pro | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2140 | 1 Multishopcms | 1 Multishop Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2011-1903 | 1 Proofpoint | 2 Messaging Security Gateway, Protection Server | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2010-1706 | 1 2daybiz | 1 Auction Script | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2933 | 1 Avscripts | 1 Av Arcade | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task. |
| CVE-2010-4151 | 1 Deluxebb | 1 Deluxebb | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. |
| CVE-2010-1009 | 2 Joachim-ruhs, Typo3 | 2 Educator, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1018 | 2 Jochen Rau, Typo3 | 2 Sk Bookreview, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |