Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
|
|||||
| CVE-2011-1343 | 1 Ibm | 1 Tivoli Netcool\/omnibus | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."
|
|||||
| CVE-2011-5109 | 1 John Geo | 1 Freelancer Calendar | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory.
|
|||||
| CVE-2010-5036 | 1 Iscripts | 1 Eswap | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
|
|||||
| CVE-2010-1855 | 1 Phpscripte24 | 1 Pay Per Watch \& Bid Auktions System | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
|
|||||
| CVE-2010-2919 | 2 Joomla, Joomlaxt | 2 Joomla\!, Com Staticxt | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2009-4807 | 1 Graugon | 1 Php Article Publisher | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php.
|
|||||
| CVE-2010-0798 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2011-0645 | 1 Phpcms | 1 Phpcms 2008 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.
|
|||||
| CVE-2012-4056 | 1 Uiga | 1 Personal Portal | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
|
|||||
| CVE-2012-1218 | 1 Freelancerkit | 1 Freelancerkit | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.
|
|||||
| CVE-2010-2721 | 1 Rightinpoint | 1 Lyrics Engine | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
|
|||||
| CVE-2010-5009 | 1 Ut-files | 1 Utstats | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
|
|||||
| CVE-2012-5290 | 1 Wcs4web | 1 Easywebrealestate | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.
|
|||||
| CVE-2010-4503 | 1 Aigaion | 1 Aigaion | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
|
|||||
| CVE-2010-0671 | 1 Michalin | 1 Kr Media Pogodny Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.
|
|||||
| CVE-2010-4941 | 2 Joomla, Joomlamo | 2 Joomla\!, Com Teams | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
|
|||||
| CVE-2011-0553 | 1 Symantec | 1 Im Manager | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4946 | 1 Allpcscript | 1 Allpc | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
|
|||||
| CVE-2013-0511 | 1 Ibm | 1 Security Appscan | 2025-04-11 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
|
|||||
| CVE-2011-5222 | 1 Scripte24shop | 1 Php Flirt-projekt | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.
|
|||||
| CVE-2012-1026 | 1 Johannes Ekberg | 1 Xray Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
|
|||||
| CVE-2013-2956 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Console in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2010-4849 | 1 Alibabaclone | 1 Alibaba Clone B2b | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
|
|||||
| CVE-2010-2609 | 1 2daybiz | 1 Job Search Engine Script | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
|||||
| CVE-2010-2124 | 1 Bartels-schoene | 1 Conpresso | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-0948 | 1 Bfs.kilu | 1 Bigforum | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2010-2610 | 1 2daybiz | 1 Job Site Script | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.
|
|||||
| CVE-2010-4908 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
|
|||||
| CVE-2011-5218 | 1 Neubivljiv | 1 Dota Openstats | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2012-5342 | 1 Michau Enterprises Llc | 1 Commonsense Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
|
|||||
| CVE-2009-4938 | 2 Joomla, Warphd | 2 Joomla\!, Com Jvideo | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.
|
|||||
| CVE-2010-4995 | 2 Joomla, Neojoomla | 2 Joomla\!, Com Neorecruit | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
|
|||||
| CVE-2009-4855 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.
|
|||||
| CVE-2010-5008 | 1 Denaliintranet | 1 Brightsuite Groupware | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
|
|||||
| CVE-2011-1557 | 1 Icloudcenter | 1 Icjobsite | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-1369 | 1 Preprojects | 1 Pre Classified Listings Asp | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
|
|||||
| CVE-2012-6524 | 1 Powie | 1 Pgb | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2013-1177 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
|
|||||
| CVE-2012-5313 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
|
|||||