Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2010-3482 | 1 Bouzouste | 1 Primitive Cms | 2025-04-11 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. |
| CVE-2011-3989 | 1 Hiroyuki Oyama | 1 Dbd\ | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1053 | 1 Zentracking | 1 Zen Time Tracking | 2025-04-11 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. |
| CVE-2012-1225 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php. |
| CVE-2010-4845 | 1 Mhproducts | 1 Projekt Shop | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php. |
| CVE-2010-4952 | 2 Joachim Ruhs, Typo3 | 2 Festat, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-2911 | 1 Kayako | 1 Esupport | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action. |
| CVE-2009-4733 | 1 Supercrackmunkey | 1 Simpleloginsys | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. |
| CVE-2013-3577 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote attackers to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field). |
| CVE-2011-4674 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. |
| CVE-2010-5012 | 1 David Noguera Gutierrez | 1 Dalogin | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2010-2438 | 1 Laubrotel | 1 G.cms Generator | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. |
| CVE-2011-5169 | 1 Dell | 1 Sonicwall Viewpoint | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. |
| CVE-2011-1100 | 1 Pixelpost | 1 Pixelpost | 2025-04-11 | 6.5 MEDIUM | N/A | Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action. |
| CVE-2010-0710 | 1 Aspcodecms | 1 Aspcode Cms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2012-1017 | 1 Secureideas | 1 Base | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters. |
| CVE-2010-0139 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | 9.0 HIGH | N/A | Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. |
| CVE-2009-4935 | 1 Esoftpro | 1 Online Guestbook Pro | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter. |
| CVE-2011-5139 | 1 Preprojects | 1 Business Cards Designer | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2010-4888 | 2 Marco Hezel, Typo3 | 2 Hm Tinymarket, Typo3 | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0471 | 1 Enanocms | 1 Enanocms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| CVE-2010-1372 | 2 Hdflvplayer, Joomla | 2 Com Hdflvplayer, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2010-1654 | 1 Instantrankingseo | 1 Infocus Real Estate | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2013-4386 | 2 Redhat, Theforeman | 2 Openstack, Foreman | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter. |
| CVE-2010-2135 | 1 Hazelpress | 1 Hazelpress | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. |
| CVE-2011-5198 | 1 Neturf | 1 Ecommerce Shopping Cart | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2010-4862 | 2 Harmistechnology, Joomla | 2 Com Jedirectory, Joomla! | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. |
| CVE-2009-4695 | 1 Radscripts | 1 Radlance | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. |
| CVE-2012-2925 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. |
| CVE-2009-4891 | 1 Cs-cart | 1 Cs-cart | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action. |
| CVE-2011-5140 | 1 Diy-cms | 2 Blog, Diy-cms | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php. |
| CVE-2011-4521 | 1 Advantech | 1 Advantech Webaccess | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input. |
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. |
| CVE-2012-3839 | 1 Myclientbase | 1 Myclientbase | 2025-04-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search. |
| CVE-2010-5057 | 1 Alephsystem | 1 Cms Ariadna | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter. |
| CVE-2012-1656 | 2 Drupal, Wesjones | 2 Drupal, Multisite Search | 2025-04-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field. |
| CVE-2010-2688 | 1 Site2nite | 1 Boat Classifieds | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2013-5318 | 1 Benjamin Arnaudetr | 1 Ginkgocms | 2025-04-11 | 7.5 HIGH | N/A | SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. |
| CVE-2011-2403 | 1 Hp | 1 Network Automation | 2025-04-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |