Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4034 | 1 Pbboard | 1 Pbboard | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
|
|||||
| CVE-2011-4833 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
|
|||||
| CVE-2012-0244 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
|
|||||
| CVE-2013-3531 | 1 Radiocms | 1 Radiocms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
|
|||||
| CVE-2013-4748 | 2 Georg Ringer, Typo3 | 2 News, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2013-0140 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-11 | 7.9 HIGH | N/A |
|
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.
|
|||||
| CVE-2010-2611 | 1 I-netsolution | 1 Job Search Engine Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
|||||
| CVE-2010-0968 | 1 Geekhelps | 1 Admp | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.
|
|||||
| CVE-2010-1092 | 1 Scriptsfeed | 1 Business Directory Software | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.
|
|||||
| CVE-2010-0956 | 1 Opencart | 1 Opencart | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2010-4839 | 2 Edgetechweb, Wordpress | 2 Event Registration, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
|
|||||
| CVE-2010-4904 | 2 Joomla, Simon Philips | 2 Joomla\!, Com Aardvertiser | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-0644 | 1 Phpcms | 1 Phpcms 2008 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.
|
|||||
| CVE-2011-0443 | 1 Tinybb | 1 Tinybb | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2011-2467 | 1 Likewise | 1 Likewise Open | 2025-04-11 | 5.8 MEDIUM | N/A |
|
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-0677 | 1 Katalog.hurricane | 1 Katalog Stron Hurricane | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.
|
|||||
| CVE-2010-4866 | 1 Chipmunk-scripts | 1 Chipmunk Board | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
|
|||||
| CVE-2009-4979 | 1 Keil-software | 1 Photokorn Gallery | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.
|
|||||
| CVE-2013-3412 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
|
|||||
| CVE-2010-0721 | 1 Systemsoftware | 1 Auktionshaus Gelb | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2012-3951 | 1 Sonicwall | 1 Scrutinizer | 2025-04-11 | 7.5 HIGH | N/A |
|
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
|
|||||
| CVE-2011-5031 | 1 Shilpisoft | 1 Capexweb | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-0339 | 1 Typo3 | 2 Typo3, Vm19 Userlinks | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
|
|||||
| CVE-2010-2142 | 1 Murat Ersoy | 1 Cyberhost | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-1271 | 1 Smart-plugs | 1 Smartplugs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.
|
|||||
| CVE-2010-4793 | 1 Site2nite | 1 Auto E-manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2010-4979 | 1 Nicholas Berry | 1 Candid | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
|
|||||
| CVE-2011-5262 | 1 Sonicwall | 4 Aventail Sra Ex6000, Aventail Sra Ex7000, Aventail Sra Ex9000 and 1 more | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
|
|||||
| CVE-2010-1480 | 2 Joomla, Rockettheme | 2 Joomla\!, Com Rokmodule | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-6625 | 1 Vasthtml | 1 Forumpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action.
|
|||||
| CVE-2010-4916 | 1 Coldgen | 1 Coldusergroup | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
|
|||||
| CVE-2012-1077 | 2 Manfred Egger, Typo3 | 2 Bc Post2facebook, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2012-5760 | 1 Ibm | 1 Netezza | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4954 | 1 Gambio | 1 Xt\ | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
|
|||||
| CVE-2010-1359 | 2 Bluegate, Xt-commerce | 2 Direct Url, Xt-commerce | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-1015 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Abc, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1599 | 1 Nkinfoweb | 1 Nkinfoweb | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.
|
|||||
| CVE-2013-7149 | 2 Openx, Revive-adserver | 2 Openx, Revive Adserver | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
|
|||||
| CVE-2013-7189 | 1 Iscripts | 1 Autohoster | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
|
|||||