Total: 15288 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5182 | 1 Ostenta | 1 Yawpp | 2025-04-12 | 6.0 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | |||||
CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | |||||
CVE-2015-5648 | 1 Loenshotel | 1 Phprechnung | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-9287 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection. | |||||
CVE-2015-3993 | 1 Actian | 1 Matrix | 2025-04-12 | 6.5 MEDIUM | N/A |
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||||
CVE-2014-6080 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-6233 | 1 Flat Manager Project | 1 Flat Manager | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-1423 | 1 Jakweb | 1 Gecko Cms | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | |||||
CVE-2015-1875 | 1 Palosanto | 1 Elastix | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. | |||||
CVE-2014-0821 | 1 Cybozu | 1 Garoon | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | |||||
CVE-2003-1598 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in log.header.php in WordPress 0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the posts variable. | |||||
CVE-2015-4160 | 1 Sap | 1 Ase Database Platform | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||||
CVE-2015-1310 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2016-0710 | 1 Apache | 1 Jetspeed | 2025-04-12 | 7.5 HIGH | 8.8 HIGH |
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/. | |||||
CVE-2016-1000113 | 1 Huge-it | 1 Gallery | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
XSS and SQLi in huge IT gallery v1.1.5 for Joomla | |||||
CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
CVE-2012-6290 | 1 Imagecms | 1 Imagecms | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
CVE-2016-1308 | 1 Samsung | 1 X14j Firmware | 2025-04-12 | 6.5 MEDIUM | 6.5 MEDIUM |
SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. | |||||
CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
CVE-2014-10034 | 1 Couponphp | 1 Couponphp | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/. |