Total
15288 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1405 | 1 Content Rating Extbase Project | 1 Content Rating Extbase | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-2174 | 1 Apache | 1 Ranger | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime. | |||||
| CVE-2015-7791 | 1 Welcart | 1 Welcart E-commerce | 2025-04-12 | 6.5 MEDIUM | 6.3 MEDIUM |
| Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. | |||||
| CVE-2012-5849 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php. | |||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-2216 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | |||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-2351 | 1 Controlsystemworks | 1 Csworks | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. | |||||
| CVE-2014-8681 | 1 Gogits | 1 Gogs | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. | |||||
| CVE-2013-3961 | 1 Abeel | 1 Simple Php Agenda | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. | |||||
| CVE-2015-5049 | 1 Ibm | 1 Openpages Grc Platform | 2025-04-12 | 6.5 MEDIUM | 5.4 MEDIUM |
| SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-2046 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
| CVE-2014-8351 | 1 French National Commission On Informatics And Liberty | 1 Cookieviz | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | |||||
| CVE-2016-8907 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2014-5189 | 1 Leadoctopus | 1 Lead Octopus | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-5599 | 1 Powerplay Gallery Project | 1 Powerplay Gallery | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter. | |||||
| CVE-2015-8369 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php. | |||||