Total: 15362 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4633 | 1 Sumeffect | 1 Digishop | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. | |||||
CVE-2010-4635 | 1 Site2nite | 1 Vacation Rental Listings | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
CVE-2013-6058 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||||
CVE-2010-2696 | 1 Sijio | 1 Community Software | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
CVE-2010-5029 | 1 Codefabrik | 1 Ecomat Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action. | |||||
CVE-2011-2149 | 1 Smartertools | 1 Smarterstats | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. | |||||
CVE-2013-4887 | 1 Springsignage | 1 Xibo | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. | |||||
CVE-2012-5894 | 1 Havalite | 1 Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | |||||
CVE-2013-7192 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp. | |||||
CVE-2012-5312 | 1 Tribiq | 1 Tribiq Cms | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
CVE-2012-2925 | 1 Simple Php Agenda | 1 Simple Php Agenda | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. | |||||
CVE-2011-3838 | 1 Wuzly | 1 Wuzly | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. | |||||
CVE-2012-1673 | 1 Ola Lasisi | 1 E-ticketing | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | |||||
CVE-2012-6496 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls. | |||||
CVE-2013-3536 | 1 Whmcs | 2 Group Pay, Whmcs | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter. | |||||
CVE-2010-1704 | 1 2daybiz | 1 Polls Script | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1562 | 1 Ecava | 1 Integraxor | 2025-04-11 | 7.5 HIGH | N/A |
Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. | |||||
CVE-2011-4215 | 1 Oneorzero | 1 Aims | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable. | |||||
CVE-2011-5109 | 1 John Geo | 1 Freelancer Calendar | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory. |