Total
17789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4963 | 1 Hulihanapplications | 1 Hulihan Bxr | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. | |||||
| CVE-2012-1934 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter. | |||||
| CVE-2010-4961 | 2 Dev-team Typoheads, Typo3 | 2 Webkitpdf, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4186 | 1 Onlinetechtools.com | 1 Oasys Professional | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5028 | 2 Harmistechnology, Joomla | 2 Com Jejob, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
| CVE-2011-1562 | 1 Ecava | 1 Integraxor | 2025-04-11 | 7.5 HIGH | N/A |
| Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. | |||||
| CVE-2010-1343 | 1 Bjsintay | 1 Sitex | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | |||||
| CVE-2011-4672 | 1 Valid | 1 Tiny-erp | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php. | |||||
| CVE-2010-2438 | 1 Laubrotel | 1 G.cms Generator | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php. | |||||
| CVE-2010-4619 | 1 Webscripti | 1 Mafya Oyun Scrpti | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-4925 | 1 Imgpals | 1 Img Pals Photo Host | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1133 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | |||||
| CVE-2009-5091 | 1 Vlinks | 1 Vlinks | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-5003 | 1 E-soft24 | 1 Banner Exchange Script | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | |||||
| CVE-2010-2511 | 1 2daybiz | 1 Multi Level Marketing Software | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | |||||
| CVE-2010-0758 | 1 Softbizscripts | 1 Softbiz Jobs And Recruitment Script | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-5037 | 1 Michau Enterprises | 1 Sensesites Commonsense Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2012-0805 | 1 Sqlalchemy | 1 Sqlalchemy | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. | |||||
| CVE-2010-0798 | 2 Snowflake, Typo3 | 2 T3blog, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-1557 | 1 Parallels | 1 Parallels Plesk Panel | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | |||||