Total
15288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-1560 | 1 Centreon | 1 Centreon | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | |||||
| CVE-2014-3246 | 1 O-dyn | 1 Collabtive | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php. | |||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | |||||
| CVE-2014-7871 | 1 Open-xchange | 1 Open-xchange Appsuite | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. | |||||
| CVE-2014-9455 | 1 Cts Projects\&software | 1 Classad | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823. | |||||
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | |||||
| CVE-2014-8995 | 1 Maarch | 1 Letterbox | 2025-04-12 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||||
| CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | |||||
| CVE-2015-6537 | 1 Epiphanyhealthdata | 1 Cardio Server | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |||||
| CVE-2016-6611 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | 5.1 MEDIUM | 8.1 HIGH |
| An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | |||||
| CVE-2013-3081 | 1 Jojocms | 1 Jojo-cms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/. | |||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2015-0684 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq52515. | |||||
| CVE-2013-7369 | 1 F-secure | 3 Anti-virus, Email And Server Security, Server Security | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure Server Security 9.20 before HF01 allows remote attackers to execute arbitrary SQL commands via unknown vectors, related to GetCommand. | |||||
| CVE-2015-1989 | 1 Ibm | 1 Security Qradar Incident Forensics | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | |||||
| CVE-2013-2498 | 1 Simplehrm | 1 Simplehrm | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin. | |||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||