Total
15300 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1854 | 1 Adrotateplugin | 1 Adrotate | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. | |||||
| CVE-2015-7858 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
| CVE-2015-1428 | 1 Sefrengo | 1 Sefrengo | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php. | |||||
| CVE-2015-1393 | 1 10web | 1 Photo Gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. | |||||
| CVE-2015-1605 | 1 Dell | 1 Asset Manager | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. | |||||
| CVE-2015-2237 | 1 Betster Project | 1 Betster | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. | |||||
| CVE-2013-5117 | 1 Zldnn | 1 Dnnarticle | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. | |||||
| CVE-2014-10023 | 1 Topicsviewer | 1 Topicsviewer | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. | |||||
| CVE-2015-5659 | 1 Network Applied Communication Laboratory | 1 Shimane Prefecture Cms | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4454 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. | |||||
| CVE-2015-1442 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034. | |||||
| CVE-2014-2737 | 1 Knowledgetree | 1 Knowledgetree | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function. | |||||
| CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | |||||
| CVE-2015-1372 | 1 Ferretcms Project | 1 Ferretcms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | |||||
| CVE-2014-0966 | 1 Ibm | 2 Infosphere Master Data Management, Infosphere Master Data Management Server For Product Information Management | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 10.x and 11.x before 11.0-FP5 and InfoSphere Master Data Management Server for Product Information Management 9.x through 11.x before 11.3-IF2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-1403 | 1 Content Rating Project | 1 Content Rating | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4609 | 1 Wt Directory Project | 1 Wt Directory | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-0161 | 1 Ibm | 1 Security Siteprotector System | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||