Total
16001 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-4953 | 1 Topgames | 1 Top Games Script | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2010-1359 | 2 Bluegate, Xt-commerce | 2 Direct Url, Xt-commerce | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2013-6787 | 1 Chamilo | 1 Chamilo Lms | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | |||||
| CVE-2013-7175 | 1 Avanset | 1 Visual Certexam Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field. | |||||
| CVE-2012-2105 | 1 Peter Kovacs | 1 Timesheet Next Gen | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | |||||
| CVE-2010-4830 | 1 T-dreams | 1 Job Career Package | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter. | |||||
| CVE-2010-5006 | 1 Emophp | 1 Emo Realty Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter. | |||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | |||||
| CVE-2010-4912 | 1 Discuz | 1 Ucenter Home | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | |||||
| CVE-2013-6058 | 1 Apprain | 1 Apprain | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/. | |||||
| CVE-2010-4185 | 1 Energine | 1 Energine | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. | |||||
| CVE-2010-0400 | 1 Mahara | 1 Mahara | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. | |||||
| CVE-2011-1610 | 1 Cisco | 1 Unified Communications Manager | 2025-04-11 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. | |||||
| CVE-2010-2678 | 2 Guillermo Vargas, Joomla | 2 Com Xmap, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2012-4070 | 1 Dir2web | 1 Dir2web | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php. | |||||
| CVE-2012-6586 | 1 Myrephp | 1 Myre Vacation Rental | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php. | |||||
| CVE-2012-5348 | 1 Wilson Steven | 1 Mangosweb Enhanced | 2025-04-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | |||||
| CVE-2010-5016 | 1 Eliteladders | 1 Elite Gaming Ladders | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter. | |||||
| CVE-2010-3484 | 1 Lightneasy | 1 Lightneasy | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | |||||
| CVE-2012-2324 | 1 Mybb | 1 Mybb | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP). | |||||