Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3404 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(1a) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, leading to discovery of encrypted credentials by leveraging metadata, aka Bug ID CSCuh01051.
|
|||||
| CVE-2009-4967 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-1874 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4742 | 1 Docebo | 1 Docebo | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to ...
Show More |
|||||
| CVE-2013-4662 | 1 Civicrm | 1 Civicrm | 2025-04-11 | 6.5 MEDIUM | N/A |
|
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
|
|||||
| CVE-2013-4879 | 1 Bigtreecms | 1 Bigtree Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php.
|
|||||
| CVE-2010-2516 | 1 2daybiz | 1 Multi Level Marketing Software | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-4257 | 1 Wordpress | 1 Wordpress | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
|
|||||
| CVE-2011-3615 | 1 Simplemachines | 1 Smf | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4687 | 1 Hypersilence | 1 Silentum Guestbook | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter.
|
|||||
| CVE-2010-0400 | 1 Mahara | 1 Mahara | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.
|
|||||
| CVE-2010-4272 | 2 Joomla, Pulseinfotech | 2 Joomla\!, Com Sponsorwall | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2013-3294 | 1 Exponentcms | 1 Exponent Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
|
|||||
| CVE-2012-6577 | 2 Typo3, Typoheads | 2 Typo3, Formhandler | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-2092 | 1 Cacti | 1 Cacti | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
|
|||||
| CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
|
|||||
| CVE-2012-4279 | 1 Rwcinc | 1 Free Realty | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.
|
|||||
| CVE-2010-4006 | 2 Wsn, Wsnlinks | 3 Links, Wsn Links, Wsn Links | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.
|
|||||
| CVE-2011-3831 | 1 Sitracker | 1 Support Incident Tracker | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
|
|||||
| CVE-2009-4691 | 1 Resalecode | 1 Classified Linktrader Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.
|
|||||
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
|
|||||
| CVE-2012-2105 | 1 Peter Kovacs | 1 Timesheet Next Gen | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
|
|||||
| CVE-2011-4801 | 1 Authenex | 1 Authenex Strong Authentication System Server | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-4748 | 2 Andrew Charlton, Wordpress | 2 My Category Order, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.
|
|||||
| CVE-2013-6001 | 1 Cybozu | 1 Garoon | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-5224 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4838 | 2 Extensiondepot, Joomla | 2 Com Jsupport, Joomla\! | 2025-04-11 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.
|
|||||
| CVE-2011-5038 | 1 Hitcode | 1 Hitappoint | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2012-2601 | 1 Progress | 1 Whatsup Gold | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
|
|||||
| CVE-2010-3076 | 1 Blentz | 1 Smbind | 2025-04-11 | 7.5 HIGH | N/A |
|
The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
|
|||||
| CVE-2010-0377 | 1 Phpmyspace | 1 Phpmyspace | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2012-2661 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
|
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameters that leverage unintended recursion, a related issue to CVE-2012-2695.
|
|||||
| CVE-2010-2339 | 1 Subdreamer | 1 Subdreamer | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.
|
|||||
| CVE-2010-0753 | 2 Componentslab, Joomla | 2 Com Sqlreport, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-6839 | 1 Instantsoft | 1 Instantcms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
|
|||||
| CVE-2013-4422 | 3 Postgresql, Qt, Quassel-irc | 3 Postgresql, Qt, Quassel Irc | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, allows remote attackers to execute arbitrary SQL commands via a \ (backslash) in a message.
|
|||||
| CVE-2010-2354 | 1 Pilotgroup | 1 Elms Pro | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
|
|||||
| CVE-2010-4934 | 1 Svcreation | 1 Get Tube | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-4857 | 1 Curtiss Grymala | 1 Cag Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
|
|||||
| CVE-2013-4827 | 1 Hp | 2 Imc Service Operation Management Software Module, Intelligent Management Center | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664.
|
|||||