Total: 15276 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | |||||
CVE-2016-9864 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 6.0 MEDIUM | 7.5 HIGH |
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected. | |||||
CVE-2014-3446 | 1 Bss | 1 Continuity Cms | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | |||||
CVE-2015-1479 | 1 Zohocorp | 1 Servicedesk Plus | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. | |||||
CVE-2014-2655 | 1 Postfix Admin Project | 1 Postfix Admin | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands via a new alias. | |||||
CVE-2015-6910 | 1 Synology | 1 Video Station | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | |||||
CVE-2016-1000120 | 1 Huge-it | 1 Catalog | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | |||||
CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
CVE-2015-4062 | 1 Newstatpress Project | 1 Newstatpress | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. | |||||
CVE-2014-8375 | 1 Gb-plugins | 1 Gb Gallery Slideshow | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php. | |||||
CVE-2015-2972 | 1 Sysphonic | 1 Thetis | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-5180 | 1 Hdwplayer | 1 Hdw-player-video-player-video-gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | |||||
CVE-2014-100012 | 1 Sendy | 1 Sendy | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
CVE-2012-5701 | 1 Dotproject | 1 Dotproject | 2025-04-12 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2014-3857 | 1 Kerio | 1 Control | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. | |||||
CVE-2014-0763 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. | |||||
CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | |||||
CVE-2015-0715 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608. | |||||
CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||||
CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |