Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4620 | 2 Joomla, Joomloc | 2 Joomla\!, Com Joomloc | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
| CVE-2010-4975 | 2 Joomla, Techjoomla | 2 Joomla\!, Com Socialads | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php. | |||||
| CVE-2010-1918 | 1 Efrontlearning | 1 Efront | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. | |||||
| CVE-2011-1667 | 1 Xmedien | 1 Anzeigenmarkt | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. | |||||
| CVE-2012-5300 | 1 Mystorexpress | 1 Tienda Virtual | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2013-7278 | 1 Naxtech | 1 Cms Afroditi | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. | |||||
| CVE-2011-5230 | 1 Seotoaster | 1 Seotoaster | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | |||||
| CVE-2010-3485 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2012-6144 | 1 Typo3 | 1 Typo3 | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5023 | 1 Cramerdev | 1 Digital Interchange Calendar | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter. | |||||
| CVE-2012-3435 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2013-4720 | 2 Typo3, Webempoweredchurch | 2 Typo3, Wec Discussion | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5218 | 1 Neubivljiv | 1 Dota Openstats | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-4734 | 1 Allomani | 1 Movies Library | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2014-0729 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Enterprise Mobility Application (EMApp) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05302. | |||||
| CVE-2010-2719 | 1 Phpaa | 1 Phpaacms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2622 | 2 Joomanager, Joomla | 2 Joomanager, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2013-4662 | 1 Civicrm | 1 Civicrm | 2025-04-11 | 6.5 MEDIUM | N/A |
| The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick. | |||||
| CVE-2011-5031 | 1 Shilpisoft | 1 Capexweb | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5006 | 1 Emophp | 1 Emo Realty Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter. | |||||