Vulnerabilities (CVE)

Filtered by CWE-89
Total 15489 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6345 1 Cisco 1 Secure Access Control Server 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuw24700.
CVE-2015-3346 1 Wikiwiki Project 1 Wikiwiki 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-8728 1 Subex 1 Roc Fraud Management System 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
CVE-2014-4313 1 Epicor 1 Epicor Procurement 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.
CVE-2015-1989 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-7876 1 Drupal 7 Driver For Sql Server And Sql Azure Project 1 Drupal 7 Driver For Sql Server And Sql Azure 2025-04-12 7.5 HIGH N/A
The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function.
CVE-2014-8306 1 C97 1 Cart Engine 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
CVE-2014-5201 1 Gallery Objects Project 1 Gallery Objects 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
CVE-2014-3871 1 Geodesicsolutions 1 Geocore Max 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2025-04-12 5.0 MEDIUM 7.5 HIGH
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVE-2014-2934 1 Caldera 1 Caldera 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
CVE-2015-6811 1 Cyberoam 2 Cr500ing-xp, Cyberoamos 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
CVE-2014-8664 1 Sap 1 Environment Health And Safety 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-3820 1 Arialsoftware 1 Campaign Enterprise 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.
CVE-2011-5308 1 Cdnvote Project 1 Cdnvote 2025-04-12 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter.
CVE-2014-8375 1 Gb-plugins 1 Gb Gallery Slideshow 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
CVE-2014-3339 1 Cisco 2 Unified Communications Domain Manager, Unified Presence Server 2025-04-12 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 6.5 MEDIUM N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-9348 1 Robotstats 1 Robotstats 2025-04-12 7.5 HIGH N/A
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
CVE-2016-5817 1 Navis 1 Webaccess 2025-04-12 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.