Total
15742 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5459 | 1 Zohocorp | 1 Manageengine Password Manager Pro | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. | |||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||||
| CVE-2014-3962 | 1 Videos Tube Project | 1 Videos Tube | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php. | |||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | |||||
| CVE-2015-1560 | 1 Centreon | 1 Centreon | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php. | |||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | |||||
| CVE-2013-2498 | 1 Simplehrm | 1 Simplehrm | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin. | |||||
| CVE-2015-8377 | 1 Cacti | 1 Cacti | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serialized data in the selected_graphs_array parameter in a save action. | |||||
| CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | |||||
| CVE-2014-3996 | 1 Manageengine | 3 Desktop Central, It360, Password Manager Pro | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | |||||
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||||
| CVE-2015-1403 | 1 Content Rating Project | 1 Content Rating | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-8902 | 1 Dotcms | 1 Dotcms | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the categoriesServlet servlet in dotCMS before 3.3.1 allows remote not authenticated attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2014-0763 | 1 Advantech | 1 Advantech Webaccess | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary SQL commands via SOAP requests to unspecified functions. | |||||
| CVE-2015-0894 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-9175 | 1 Wpdatatables | 1 Wpdatatables | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php. | |||||
| CVE-2014-5159 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter. | |||||
| CVE-2016-9283 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue. | |||||