Total
15484 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | |||||
CVE-2014-3871 | 1 Geodesicsolutions | 1 Geocore Max | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823. | |||||
CVE-2016-9184 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | |||||
CVE-2014-2934 | 1 Caldera | 1 Caldera | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. | |||||
CVE-2015-6811 | 1 Cyberoam | 2 Cr500ing-xp, Cyberoamos | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml. | |||||
CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-3820 | 1 Arialsoftware | 1 Campaign Enterprise | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp. | |||||
CVE-2011-5308 | 1 Cdnvote Project | 1 Cdnvote | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. | |||||
CVE-2014-8375 | 1 Gb-plugins | 1 Gb Gallery Slideshow | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php. | |||||
CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | |||||
CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | |||||
CVE-2014-9348 | 1 Robotstats | 1 Robotstats | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php. | |||||
CVE-2016-5817 | 1 Navis | 1 Webaccess | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | |||||
CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||||
CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | |||||
CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | |||||
CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||||
CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |