Total
15408 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-5121 | 1 Phpfox | 1 Phpfox | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/. | |||||
CVE-2010-1049 | 1 Uiga | 1 Business Portal | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. | |||||
CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | |||||
CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | |||||
CVE-2012-5909 | 1 Mybb | 1 Mybb | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | |||||
CVE-2009-4628 | 2 Joomla, Templateplaza | 2 Joomla\!, Com Tpdugg | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php. | |||||
CVE-2010-0724 | 1 Mhd Zaher Ghaibeh | 1 Arab Cart | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2012-5288 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2010-2135 | 1 Hazelpress | 1 Hazelpress | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields. | |||||
CVE-2011-4763 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. | |||||
CVE-2010-2508 | 1 2daybiz | 1 Video Community Portal Script | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
CVE-2009-4965 | 2 Thomas Waggershauser, Typo3 | 2 Air Lexicon, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2009-4797 | 1 Jobhut.spranger | 1 Jobhut | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter. | |||||
CVE-2009-4973 | 1 Sweetphp | 1 Totalcalendar | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | |||||
CVE-2010-4979 | 1 Nicholas Berry | 1 Candid | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
CVE-2010-4359 | 1 Jurpo | 1 Jurpopage | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2011-5139 | 1 Preprojects | 1 Business Cards Designer | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2012-5453 | 1 Atutor | 1 Acontent | 2025-04-11 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | |||||
CVE-2010-1331 | 1 Heartlogic | 1 Hl-sitemanager | 2025-04-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2010-4006 | 2 Wsn, Wsnlinks | 3 Links, Wsn Links, Wsn Links | 2025-04-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. |