Total
15951 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9347 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||||
| CVE-2015-7858 | 1 Joomla | 1 Joomla\! | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. | |||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
| CVE-2015-6943 | 1 S9y | 1 Serendipity | 2025-04-12 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | |||||
| CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||||
| CVE-2015-1369 | 1 Sequelize Project | 1 Sequelize | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2014-1645 | 1 Symantec | 1 Liveupdate Administrator | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2025-04-12 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2014-3415 | 1 Sharetronix | 1 Sharetronix | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group. | |||||
| CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
| CVE-2015-1400 | 1 Npds | 1 Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2025-04-12 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | |||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | |||||
| CVE-2014-1608 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. | |||||
| CVE-2014-8507 | 1 Google | 1 Android | 2025-04-12 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135. | |||||
| CVE-2016-1000217 | 1 Zotpress Project | 1 Zotpress | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| Zotpress plugin for WordPress SQLi in zp_get_account() | |||||
| CVE-2015-1450 | 1 Restaurantbiller | 1 Restaurant Biller | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||||
| CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | |||||
| CVE-2014-2311 | 1 Modx | 1 Modx Revolution | 2025-04-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5462 | 1 Open-emr | 1 Openemr | 2025-04-12 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php. | |||||