Total: 17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-5262 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2014-8995 | 1 Maarch | 1 Letterbox | 2025-04-12 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | |||||
| CVE-2015-5642 | 1 Icz | 1 Matchasns | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-4678 | 1 Persian Car Cms Project | 1 Persian Car Cms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | |||||
| CVE-2013-7406 | 1 Mrbs Project | 1 Mrbs | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8083 | 1 Osclass | 1 Osclass | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. | |||||
| CVE-2014-4649 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field. | |||||
| CVE-2016-2950 | 1 Ibm | 1 Bigfix Remote Control | 2025-04-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2972 | 1 Sysphonic | 1 Thetis | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-5817 | 1 Navis | 1 Webaccess | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-9242 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | |||||
| CVE-2014-9528 | 1 Humhub | 1 Humhub | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error. | |||||
| CVE-2015-2035 | 1 Piwigo | 1 Piwigo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | |||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
| CVE-2014-2317 | 1 Opendocman | 1 Opendocman | 2025-04-12 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2015-1367 | 1 Catbot Project | 1 Catbot | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | |||||
| CVE-2015-2070 | 1 Etouch | 1 Samepage | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | |||||
| CVE-2014-6233 | 1 Flat Manager Project | 1 Flat Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
