Vulnerabilities (CVE)

Filtered by CWE-89
Total 15484 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-5201 1 Gallery Objects Project 1 Gallery Objects 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
CVE-2014-3871 1 Geodesicsolutions 1 Geocore Max 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2025-04-12 5.0 MEDIUM 7.5 HIGH
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVE-2014-2934 1 Caldera 1 Caldera 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
CVE-2015-6811 1 Cyberoam 2 Cr500ing-xp, Cyberoamos 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
CVE-2014-8664 1 Sap 1 Environment Health And Safety 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-3820 1 Arialsoftware 1 Campaign Enterprise 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.
CVE-2011-5308 1 Cdnvote Project 1 Cdnvote 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter.
CVE-2014-8375 1 Gb-plugins 1 Gb Gallery Slideshow 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
CVE-2014-3339 1 Cisco 2 Unified Communications Domain Manager, Unified Presence Server 2025-04-12 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-9348 1 Robotstats 1 Robotstats 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
CVE-2016-5817 1 Navis 1 Webaccess 2025-04-12 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5078 1 Limesurvey 1 Limesurvey 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
CVE-2014-2948 1 Bizagi 1 Business Process Management Suite 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.
CVE-2014-5389 1 Content Audit Project 1 Content Audit 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
CVE-2014-0137 1 Redhat 1 Cloudforms 3.0 Management Engine 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists.
CVE-2015-3947 1 Advantech 1 Webaccess 2025-04-12 6.5 MEDIUM 8.1 HIGH
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2323 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Opensuse and 2 more 2025-04-12 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2015-3980 1 Sap 1 Customer Relationship Management 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.