Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4260 | 1 Hccgmbh | 1 Mycare2x | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keyword parameter in a Suchen action to modules/drg/mycare2x_proc_search.php; or (7) name_last or (8) pid parameter to modules/patient/mycare_pid.php.
|
|||||
| CVE-2013-3524 | 1 Simpilotgroup | 1 Pop Up News | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
|
|||||
| CVE-2012-5317 | 1 Bigware | 1 Bigware Shop | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.
|
|||||
| CVE-2010-0981 | 2 Joomla, Templateplazza | 2 Joomla\!, Com Tpjobs | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.
|
|||||
| CVE-2010-4612 | 1 Hycus | 1 Hycus Cms | 2025-04-11 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4783 | 1 Mntechsolutions | 1 Theeta Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.
|
|||||
| CVE-2010-5016 | 1 Eliteladders | 1 Elite Gaming Ladders | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.
|
|||||
| CVE-2012-0199 | 1 Ibm | 1 Tivoli Provisioning Manager Express For Software Distribution | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getA ...
|
|||||
| CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4619 | 2 Joomla, Lucygames | 2 Joomla\!, Com Lucygames | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2013-5957 | 1 Civicrm | 1 Civicrm | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
|
|||||
| CVE-2012-0983 | 1 Scriptsez | 1 Ez Album | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
|
|||||
| CVE-2010-4736 | 1 Gatesoft | 1 Docusafe | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-5028 | 2 Harmistechnology, Joomla | 2 Com Jejob, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
|
|||||
| CVE-2010-1600 | 2 Joomla, Thefactory | 2 Joomla\!, Com Mediamall | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
|
|||||
| CVE-2010-0605 | 1 Osticket | 1 Osticket | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
|
|||||
| CVE-2013-3532 | 2 Webdorado, Wordpress | 2 Spider Video Player, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
|
|||||
| CVE-2009-4947 | 1 Q2solutions | 1 Connx | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter.
|
|||||
| CVE-2010-2141 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
|
|||||
| CVE-2010-4268 | 2 Joomla, Pulseinfotech | 2 Joomla\!, Com Flipwall | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2014-1459 | 1 Doorgets | 1 Doorgets Cms | 2025-04-11 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
|
|||||
| CVE-2010-0694 | 2 Joomla, Percha | 2 Joomla, Com Perchagallery | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.
|
|||||
| CVE-2012-5292 | 1 Atar2b | 1 Atar2b Cms | 2025-04-11 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
|
|||||
| CVE-2009-4650 | 2 Joomla, Onnogroen | 2 Joomla\!, Com Webeecomment | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2010-1496 | 2 Jolt, Joomla | 2 Com Joltcard, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
|
|||||
| CVE-2011-5229 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
|
|||||
| CVE-2010-4752 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2024-2585 | 1 Amss\+\+ Project | 1 Amss\+\+ | 2025-04-10 | N/A | 8.2 HIGH |
|
Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.
|
|||||
| CVE-2023-36813 | 1 Kanboard | 1 Kanboard | 2025-04-10 | N/A | 7.1 HIGH |
|
Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31, an authenticated user is able to perform a SQL injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.
|
|||||
| CVE-2022-4059 | 1 Blocksera | 1 Cryptocurrency Widgets Pack | 2025-04-10 | N/A | 9.8 CRITICAL |
|
The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
|
|||||
| CVE-2025-26605 | 1 Wegia | 1 Wegia | 2025-04-10 | N/A | 8.8 HIGH |
|
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `deletar_cargo.php` endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. This issue has been addressed in version 3.2.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
|
|||||
| CVE-2024-25910 | 1 Skymoonlabs | 1 Moveto | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.
|
|||||
| CVE-2024-5314 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-10 | N/A | 9.1 CRITICAL |
|
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameters sortorder and sortfield in /dolibarr/admin/dict.php.
|
|||||
| CVE-2024-5315 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-10 | N/A | 9.1 CRITICAL |
|
Vulnerabilities in Dolibarr ERP - CRM that affect version 9.0.1 and allow SQL injection. These vulnerabilities could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in the database through the parameter viewstatut in /dolibarr/commande/list.php.
|
|||||
| CVE-2022-4360 | 1 Wp Rss By Publishers Project | 1 Wp Rss By Publishers | 2025-04-10 | N/A | 7.2 HIGH |
|
The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
|
|||||
| CVE-2023-6191 | 1 Webpdks | 1 Webpdks | 2025-04-10 | N/A | 9.8 CRITICAL |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egehan Security WebPDKS allows SQL Injection. This issue affects WebPDKS: through 20240329. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2024-57631 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
|
An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57632 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
|
An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57633 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
|
An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||
| CVE-2024-57634 | 1 Monetdb | 1 Monetdb | 2025-04-10 | N/A | 7.5 HIGH |
|
An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
|||||