Total
15489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5078 | 1 Limesurvey | 1 Limesurvey | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter. | |||||
| CVE-2014-2948 | 1 Bizagi | 1 Business Process Management Suite | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | |||||
| CVE-2014-5389 | 1 Content Audit Project | 1 Content Audit | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php. | |||||
| CVE-2014-0137 | 1 Redhat | 1 Cloudforms 3.0 Management Engine | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | |||||
| CVE-2015-3947 | 1 Advantech | 1 Webaccess | 2025-04-12 | 6.5 MEDIUM | 8.1 HIGH |
| SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | |||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||||
| CVE-2016-4999 | 1 Redhat | 3 Dashbuilder, Jboss Bpm Suite, Jboss Enterprise Brms Platform | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | |||||
| CVE-2014-7864 | 1 Zohocorp | 1 Manageengine Opmanager | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. | |||||
| CVE-2014-2540 | 1 Orbitscripts | 1 Orbit Open Ad Server | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. | |||||
| CVE-2015-4064 | 1 Landing Pages Project | 1 Landing Pages | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php. | |||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | |||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2015-0524 | 1 Emc | 1 Secure Remote Services | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-5865 | 1 Achievo | 1 Achievo | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||||
| CVE-2015-6299 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. | |||||
| CVE-2015-1372 | 1 Ferretcms Project | 1 Ferretcms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | |||||
| CVE-2014-9237 | 1 Proticaret | 1 Proticaret | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |||||
| CVE-2014-9102 | 1 Kunena | 1 Kunena | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | |||||
| CVE-2015-7299 | 1 Nintex | 3 K2 Blackpearl, K2 For Sharepoint, K2 Smartforms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | |||||