Total: 17793 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4915 | 1 Coldgen | 1 Coldbookmarks | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action. | |||||
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | |||||
| CVE-2010-0952 | 1 Insanevisions | 1 Onecms | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | |||||
| CVE-2014-1619 | 1 Cubicfactory | 1 Cubic Cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario. | |||||
| CVE-2012-2908 | 1 Viscacha | 1 Viscacha | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter. | |||||
| CVE-2010-1522 | 2 Joomla, Ordasoft | 2 Joomla!, Com Booklibrary | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php. | |||||
| CVE-2012-0401 | 1 Rsa | 1 Envision | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5032 | 2 Joomla, Tamlyncreative | 2 Joomla!, Com Bfquiztrial | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php. | |||||
| CVE-2009-4973 | 1 Sweetphp | 1 Totalcalendar | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action. | |||||
| CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla!, Kunena | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-5327 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. | |||||
| CVE-2012-1077 | 2 Manfred Egger, Typo3 | 2 Bc Post2facebook, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-0690 | 1 Commodityrentals | 1 Video Games Rentals | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action. | |||||
| CVE-2010-4872 | 1 Pilotcart | 1 Pilot Cart | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter. | |||||
| CVE-2010-2133 | 1 Mylittleforum | 1 My Little Forum | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. | |||||
| CVE-2010-1369 | 1 Preprojects | 1 Pre Classified Listings Asp | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter. | |||||
| CVE-2011-2930 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | |||||
| CVE-2010-1499 | 1 Musicboxv2 | 1 Musicbox | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4735 | 1 Ecommercemax | 1 Digital-goods Seller | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter. | |||||
| CVE-2012-2998 | 1 Trend Micro | 1 Control Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
