Total
17789 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-0728 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4983 | 1 Iscripts | 1 Cybermatch | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-2577 | 1 Pligg | 1 Pligg Cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php. | |||||
| CVE-2014-1459 | 1 Doorgets | 1 Doorgets Cms | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2012-6497 | 1 Rubyonrails | 1 Rails | 2025-04-11 | 5.0 MEDIUM | N/A |
| The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product. | |||||
| CVE-2010-2616 | 1 Paul Mcenery | 1 Php Bible Search | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter. | |||||
| CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-2403 | 1 Hp | 1 Network Automation | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-1618 | 1 Uaepd | 1 Shopping Cart Script | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php. | |||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||||
| CVE-2012-0935 | 1 Aryadad | 1 Aryadad Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter. | |||||
| CVE-2013-0684 | 1 Invensys | 1 Wonderware Information Server | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-2171 | 1 Ibm | 18 Ds4100, Ds4200, Ds4300 and 15 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. | |||||
| CVE-2013-7193 | 1 Etoshop | 1 C2c Forward Auction Creator | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp. | |||||
| CVE-2010-1874 | 2 Com-property, Joomla | 2 Com Properties, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1653 | 1 Broadcom | 1 Total Defense | 2025-04-11 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. | |||||
| CVE-2009-5102 | 1 Atcom | 1 Netvolution | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | |||||
| CVE-2010-2141 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action. | |||||
| CVE-2013-3522 | 1 Vbulletin | 1 Vbulletin | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter. | |||||
| CVE-2009-4667 | 1 Phpmember | 1 Webmember | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter. | |||||