Total
15391 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-1019 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2010-4751 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. | |||||
CVE-2012-4990 | 1 Openx | 1 Openx | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | |||||
CVE-2011-5113 | 2 Joomla, Techdeluge | 2 Joomla\!, Com Techfolio | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2011-4824 | 1 Cacti | 1 Cacti | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. | |||||
CVE-2014-1636 | 1 Doug Poulin | 1 Command School Student Management System | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/. | |||||
CVE-2012-1022 | 1 4homepages | 1 4images | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action. | |||||
CVE-2009-4727 | 1 Junglescripts | 1 Ajax Short Url Script | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2013-5015 | 1 Symantec | 2 Endpoint Protection Manager, Protection Center | 2025-04-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-0080 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. | |||||
CVE-2010-4824 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter. | |||||
CVE-2010-2924 | 2 Silvercover, Wordpress | 2 Mylinksdump Plugin, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2010-2915 | 1 Ajsquare | 1 Aj Hyip | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2012-2601 | 1 Progress | 1 Whatsup Gold | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter. | |||||
CVE-2010-2678 | 2 Guillermo Vargas, Joomla | 2 Com Xmap, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
CVE-2011-1480 | 1 Phpnuke | 1 Php-nuke | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | |||||
CVE-2010-1047 | 1 Masa2el | 1 Music City | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. | |||||
CVE-2010-5022 | 2 Harmistechnology, Joomla | 2 Com Jesubmit, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php. | |||||
CVE-2010-4799 | 1 Chipmunk-scripts | 1 Pwngame | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2012-0199 | 1 Ibm | 1 Tivoli Provisioning Manager Express For Software Distribution | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file. |