Total
17788 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-2703 | 2 Osgeo, Umn | 2 Mapserver, Mapserver | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. | |||||
| CVE-2012-5297 | 1 Mavili Guestbook Project | 1 Mavili Guestbook | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4894 | 1 Chillycms | 1 Chillycms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-4960 | 1 Silverstripe | 1 Silverstripe | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4923 | 1 Virtuenetz | 1 Virtue Book Store | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
| CVE-2010-4891 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1708 | 1 Freerealty.rwcinc | 1 Free Realty | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter). | |||||
| CVE-2009-4712 | 1 Tukanas | 1 Easyclassifieds Script | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter. | |||||
| CVE-2012-4941 | 1 Agilefleet | 2 Fleetcommander, Fleetcommander Kiosk | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3973 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2623 | 1 Internetdm | 1 Bed And Breakfast | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter. | |||||
| CVE-2013-0135 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. | |||||
| CVE-2011-3989 | 1 Hiroyuki Oyama | 1 Dbd\ | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1401 | 1 Auracms | 1 Auracms | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. | |||||
| CVE-2011-5113 | 2 Joomla, Techdeluge | 2 Joomla\!, Com Techfolio | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2010-4936 | 2 Joomla, Webmaster-tips | 2 Joomla\!, Com Slideshow | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2013-5120 | 1 Phpfox | 1 Phpfox | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/. | |||||
| CVE-2010-4638 | 2 Iptechinside, Joomla | 2 Com Jquarks4s, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | |||||
| CVE-2010-1925 | 1 Rifat Kurban | 1 Tekno.portal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817. | |||||
| CVE-2012-0226 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||