Total
15276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3346 | 1 Wikiwiki Project | 1 Wikiwiki | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
| CVE-2014-9442 | 1 Reality66 | 1 Cart66 Lite | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. | |||||
| CVE-2016-2386 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | |||||
| CVE-2016-4351 | 1 Trendmicro | 1 Email Encryption Gateway | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the authentication functionality in Trend Micro Email Encryption Gateway (TMEEG) 5.5 before build 1107 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||||
| CVE-2014-8999 | 1 Xoops | 1 Xoops | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | |||||
| CVE-2014-10017 | 1 Welcart | 1 E-commerce | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. | |||||
| CVE-2015-5023 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1013 | 1 Osisoft | 2 Pi Server, Pi Sql For Af | 2025-04-12 | 6.5 MEDIUM | N/A |
| OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. | |||||
| CVE-2014-2708 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) graph_height, (4) graph_width, (5) graph_nolegend, (6) print_source, (7) local_graph_id, or (8) rra_id parameter. | |||||
| CVE-2016-3675 | 1 Huawei | 2 Policy Center, Policy Center Firmware | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases. | |||||
| CVE-2016-6616 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 6.8 MEDIUM | 7.5 HIGH |
| An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected. | |||||
| CVE-2014-2839 | 1 Dev4press | 1 Gd Star Rating | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php. | |||||
| CVE-2014-3366 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | |||||
| CVE-2016-4522 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5503 | 1 Cyberoam | 1 Cyberoam Os | 2025-04-12 | 10.0 HIGH | N/A |
| SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode. | |||||
| CVE-2015-1513 | 1 Siphon | 1 Siphone Enterprise Pbx | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2015-2065 | 1 Apptha | 1 Wordpress Video Gallery | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. | |||||
| CVE-2016-1000118 | 1 Huge-it | 1 Slideshow | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| XSS & SQLi in HugeIT slideshow v1.0.4 | |||||