Total
15981 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-5135 | 1 Docebo | 1 Docebolms | 2025-04-11 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php. | |||||
| CVE-2009-4925 | 1 Creasito | 1 Creasito E-commerce Content Manager | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php. | |||||
| CVE-2010-1656 | 1 Airiny | 1 Com Abc | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php. | |||||
| CVE-2010-4899 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1053 | 1 Zentracking | 1 Zen Time Tracking | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-2933 | 1 Avscripts | 1 Av Arcade | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task. | |||||
| CVE-2012-3554 | 2 Joomla, Rsgallery2 | 2 Joomla\!, Com Rsgallery2 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-1911 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. | |||||
| CVE-2009-5094 | 1 Cmsfaethon | 1 Cms Faethon | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||||
| CVE-2011-4674 | 1 Zabbix | 1 Zabbix | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. | |||||
| CVE-2013-2690 | 1 Synchroweb | 1 Synconnect | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action. | |||||
| CVE-2011-1522 | 1 Doctrine-project | 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field. | |||||
| CVE-2010-2511 | 1 2daybiz | 1 Multi Level Marketing Software | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. | |||||
| CVE-2010-2515 | 2 Dacian Strain, Joomla | 2 Com Jfaq, Joomla\! | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-5058 | 1 Alephsystem | 1 Cms Ariadna | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4633 | 1 Sumeffect | 1 Digishop | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. | |||||
| CVE-2010-4954 | 1 Gambio | 1 Xt\ | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2012-5910 | 1 B2evolution | 1 B2evolution | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | |||||
| CVE-2011-2141 | 1 Ibm | 1 Datacap Taskmaster Capture | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||