Total
15289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4222 | 1 Cisco | 1 Unified Communications Manager Im And Presence Service | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325. | |||||
| CVE-2014-8506 | 1 Etiko | 1 Etiko Cms | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php. | |||||
| CVE-2015-4064 | 1 Landing Pages Project | 1 Landing Pages | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. | |||||
| CVE-2014-9445 | 1 Installatron | 1 Gatequest File Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | |||||
| CVE-2014-1650 | 1 Symantec | 1 Web Gateway | 2025-04-12 | 5.2 MEDIUM | N/A |
| SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | |||||
| CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | |||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5249 | 1 Biblio Autocomplete Project | 1 Biblio Autocomplete | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-6522 | 1 Wpsymposium | 1 Wp Symposium | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php. | |||||
| CVE-2014-9305 | 1 Reality66 | 1 Cart66 Lite | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-6331 | 1 Cisco | 1 Prime Collaboration Assurance | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCus39887. | |||||
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||||
| CVE-2014-2318 | 1 Atcom | 1 Netvolution | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2014-9175 | 1 Wpdatatables | 1 Wpdatatables | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-9115 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit. | |||||
| CVE-2014-3415 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |||||
| CVE-2015-7682 | 1 Genetechsolutions | 1 Pie Register | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1) select_invitaion_code_bulk_option or (2) invi_del_id parameter in the pie-invitation-codes page to wp-admin/admin.php. | |||||
| CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | |||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | |||||