Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2690 | 1 Synchroweb | 1 Synconnect | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action. | |||||
| CVE-2013-6872 | 1 O-dyn | 1 Collabtive | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action. | |||||
| CVE-2010-4737 | 1 Hotwebscripts | 1 Hotweb Rentals | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. | |||||
| CVE-2013-5517 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-11 | 5.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh96567. | |||||
| CVE-2013-4945 | 1 Bmc | 1 Service Desk Express | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx. | |||||
| CVE-2010-4925 | 1 Nuked-klan | 2 Nuked-klan, Partenaires Module | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1538 | 1 Bluestrikeweb | 1 Phpraincheck | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-3076 | 1 Blentz | 1 Smbind | 2025-04-11 | 7.5 HIGH | N/A |
| The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page. | |||||
| CVE-2010-4298 | 1 Dustincowell | 1 Free Simple Software | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php. | |||||
| CVE-2011-5140 | 1 Diy-cms | 2 Blog, Diy-cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php. | |||||
| CVE-2012-5294 | 1 Mystorexpress | 1 Tienda Virtual | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4702 | 2 Markus Barchfeld, Typo3 | 2 Pm Tour, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4784 | 1 Phpwebscripts | 1 Easy Banner Free | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2011-4802 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | |||||
| CVE-2010-0950 | 1 Natychmiast-cms | 1 Natychmiast-cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. | |||||
| CVE-2011-5235 | 1 Mnogosearch | 1 Mnogosearch | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | |||||
| CVE-2013-7219 | 1 2glux | 1 Com Sexypolling | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter. | |||||
| CVE-2011-5234 | 1 Scripte24shop | 1 Social Network Community | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | |||||
| CVE-2010-4993 | 2 Joomla, Kay Messerschmidt | 2 Joomla\!, Com Eventcal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2012-0747 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||