Total: 15492 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-4159 | 1 Sap | 1 Hana Web-based Development Workbench | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||||
CVE-2016-9282 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter. | |||||
CVE-2015-6915 | 1 Montala | 1 Resourcespace | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | |||||
CVE-2014-9520 | 1 Infinitewp | 1 Infinitewp | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. | |||||
CVE-2015-2183 | 1 Zeuscart | 1 Zeuscart | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. | |||||
CVE-2015-1392 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-2303 | 1 Webedition | 1 Webedition Cms | 2025-04-12 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. | |||||
CVE-2014-10015 | 1 Phpjabbers | 1 Event Booking Calendar | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2014-9347 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||||
CVE-2015-7858 | 1 Joomla | 1 Joomla! | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
CVE-2015-6943 | 1 S9y | 1 Serendipity | 2025-04-12 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | |||||
CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
CVE-2015-1369 | 1 Sequelize Project | 1 Sequelize | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
CVE-2014-3415 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |||||
CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
CVE-2015-1400 | 1 Npds | 1 Revolution | 2025-04-12 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. |