Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9097 | 1 Apptha | 1 Contus Video Gallery | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. | |||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | |||||
| CVE-2014-9348 | 1 Robotstats | 1 Robotstats | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | |||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2015-1889 | 1 Ibm | 1 Infosphere Biginsights | 2025-04-12 | 6.5 MEDIUM | N/A |
| The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. | |||||
| CVE-2014-8766 | 1 Allomani | 1 Allomani Weblinks | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php. | |||||
| CVE-2014-8554 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. | |||||
| CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-8682 | 1 Gogits | 1 Gogs | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | |||||
| CVE-2014-9102 | 1 Kunena | 1 Kunena | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | |||||
| CVE-2016-2355 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1. | |||||
| CVE-2013-7355 | 1 Sap | 1 Bi Universal Data Integration | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SAP BI Universal Data Integration allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to the J2EE schema. | |||||
| CVE-2014-2022 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | 7.1 HIGH | N/A |
| SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request. | |||||
| CVE-2014-10023 | 1 Topicsviewer | 1 Topicsviewer | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/. | |||||
| CVE-2015-0699 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | |||||
| CVE-2015-2803 | 1 Akronymmanager Project | 1 Akronymmanager | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-7868 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet. | |||||
| CVE-2014-8588 | 1 Sap | 1 Hana | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | 6.5 MEDIUM | 7.1 HIGH |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | |||||