Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2292 | 1 Yoast | 1 Wordpress Seo | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2015-2090 | 1 Sympies | 1 Wordpress Survey And Poll | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. | |||||
| CVE-2012-5865 | 1 Achievo | 1 Achievo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||||
| CVE-2014-9145 | 1 Fiyo | 1 Fiyo Cms | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php. | |||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-5703 | 2 Opensuse, Phpmyadmin | 3 Leap, Opensuse, Phpmyadmin | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allows remote attackers to execute arbitrary SQL commands via a crafted database name that is mishandled in a central column query. | |||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | |||||
| CVE-2015-6009 | 1 Refbase | 1 Refbase | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382. | |||||
| CVE-2014-2949 | 1 F5 | 1 Arx Data Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web service in F5 ARX Data Manager 3.0.0 through 3.1.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-9573 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie. | |||||
| CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | |||||
| CVE-2016-6453 | 1 Cisco | 1 Identity Services Engine | 2025-04-12 | 4.9 MEDIUM | 7.3 HIGH |
| A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). | |||||
| CVE-2015-4064 | 1 Landing Pages Project | 1 Landing Pages | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. | |||||
| CVE-2015-4634 | 1 Cacti | 1 Cacti | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2014-3382 | 1 Cisco | 1 Asa | 2025-04-12 | 7.8 HIGH | N/A |
| The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027. | |||||
| CVE-2016-4522 | 1 Rockwellautomation | 1 Factorytalk Energrymetrix | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||