Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1876 | 1 Ajsquare | 1 Aj Shopping Cart | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. | |||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | |||||
| CVE-2010-1559 | 2 Joomla, Martin Hess | 2 Joomla\!, Com Sermonspeaker | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4752 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1336 | 1 Invohost | 1 Invohost | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4720 | 1 Gnudip | 1 Gnudip | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4803 | 2 Andreas Schwarzkopf, Typo3 | 2 Accessibility Glossary, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1050 | 1 Alexandre Dubus | 1 Audistat | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. | |||||
| CVE-2012-3468 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. | |||||
| CVE-2011-1342 | 1 Aimluck | 2 Aipo, Aipo-asp | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5099 | 2 Chillcreations, Joomla | 2 Mod Ccnewsletter, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2042 | 1 Shopex | 1 Ecshop | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-6985 | 1 Enorth | 1 Webpublisher Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. | |||||
| CVE-2012-1210 | 1 Powie | 1 Pfile | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-7225 | 1 Fatfreecrm | 1 Fat Free Crm | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature. | |||||
| CVE-2012-4949 | 1 Esri | 1 Arcgis Server | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | |||||
| CVE-2010-5004 | 1 2daybiz | 1 Polls Script | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla\!, Com Ksadvertiser | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
| CVE-2011-4801 | 1 Authenex | 1 Authenex Strong Authentication System Server | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2014-1471 | 1 Otrs | 1 Otrs | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. | |||||