Total
15522 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2736 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticated users to execute arbitrary SQL commands via the (2) user parameter to connectors/security/message.php or (3) id parameter to manager/index.php. | |||||
| CVE-2014-9445 | 1 Installatron | 1 Gatequest File Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information. | |||||
| CVE-2015-2090 | 1 Sympies | 1 Wordpress Survey And Poll | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | |||||
| CVE-2014-100022 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. | |||||
| CVE-2014-1609 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to the (1) mc_project_get_attachments function in api/soap/mc_project_api.php; the (2) news_get_limited_rows function in core/news_api.php; the (3) summary_print_by_enum, (4) summary_print_by_age, (5) summary_print_by_developer, (6) summary_print_by_reporter, or (7) summary_print_by_category function in core/summary_api.php; the (8) create_bug_enum_summary or (9) enum_bug_group function in plugins/MantisGraph/core/graph_api.php; (10) bug_graph_bycategory.php or (11) bug_graph_bystatus.php in plugins/MantisGraph/pages/; or (12) proj_doc_page.php, related to use of the db_query function, a different vulnerability than CVE-2014-1608. | |||||
| CVE-2015-6962 | 1 Teiko | 1 Farol | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | |||||
| CVE-2016-3172 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action. | |||||
| CVE-2012-0939 | 1 Testlink | 1 Testlink | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier allow remote authenticated users with the Requirement view permission to execute arbitrary SQL commands via the req_spec_id parameter to (1) reqSpecAnalyse.php, (2) reqSpecPrint.php, or (3) reqSpecView.php in requirements/. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2014-5200 | 1 Fb Gorilla Project | 1 Fb Gorilla | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2015-8769 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | |||||
| CVE-2016-2299 | 1 Ecava | 1 Integraxor | 2025-04-12 | 7.5 HIGH | 7.3 HIGH |
| SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7784 | 1 Bokublock | 2 Bbadminviewscontrol, Bbadminviewscontrol213 | 2025-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | |||||
| CVE-2014-3961 | 1 Xnau | 1 Participants Database | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. | |||||
| CVE-2014-4824 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-2238 | 1 Mantisbt | 1 Mantisbt | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter. | |||||
| CVE-2014-8367 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-2843 | 1 Goautodial | 1 Goadmin Ce | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/. | |||||