Total: 17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-7814 | 1 Redhat | 1 Cloudforms 3.1 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 allows remote authenticated users to execute arbitrary SQL commands via a crafted REST API request to an SQL filter. | |||||
| CVE-2015-7297 | 1 Joomla | 1 Joomla! | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | |||||
| CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
| CVE-2015-1008 | 1 Emerson | 1 Ams Device Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. | |||||
| CVE-2015-2849 | 1 Antlabs | 6 Inngate Ig 3.01 E, Inngate Ig 3.10 E, Inngate Ig 3.10 M and 3 more | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. | |||||
| CVE-2015-7858 | 1 Joomla | 1 Joomla! | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
| CVE-2014-3138 | 1 Xerox | 1 Docushare | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-3937 | 1 Ajaydsouza | 1 Contextual Related Posts | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-4852 | 1 Thedigitalcraft | 1 Atomcms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | |||||
| CVE-2014-5189 | 1 Leadoctopus | 1 Lead Octopus | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-2045 | 1 Owncloud | 1 Owncloud Server | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-6513 | 1 J2store | 1 J2store | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | |||||
| CVE-2014-3482 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. | |||||
| CVE-2015-2999 | 1 Sysaid | 1 Sysaid | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. | |||||
| CVE-2015-1491 | 1 Symantec | 1 Endpoint Protection Manager | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | |||||
| CVE-2011-3197 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector. | |||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | |||||
