Total
16020 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-3953 | 1 Phplist | 1 Phplist | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page. | |||||
| CVE-2010-4865 | 2 Harmistechnology, Joomla | 2 Com Jeguestbook, Joomla\! | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php. | |||||
| CVE-2010-2338 | 1 Vunet | 1 Vu Web Visitor Analyst | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4971 | 2 Typo3, Vincent Tietz | 2 Typo3, Vjchat | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4999 | 1 Esoftpro | 1 Online Photo Pro | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2010-4995 | 2 Joomla, Neojoomla | 2 Joomla\!, Com Neorecruit | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506. | |||||
| CVE-2013-3437 | 1 Cisco | 1 Unified Operations Manager | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the management application in Cisco Unified Operations Manager allows remote authenticated users to execute arbitrary SQL commands via an entry field, aka Bug ID CSCud80179. | |||||
| CVE-2010-0951 | 1 Dev4u | 1 Dev4u Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. | |||||
| CVE-2013-5589 | 3 Cacti, Debian, Opensuse | 3 Cacti, Debian Linux, Opensuse | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-2930 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a crafted column name. | |||||
| CVE-2012-5292 | 1 Atar2b | 1 Atar2b Cms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | |||||
| CVE-2009-4883 | 1 Todd Rogers | 1 Phprecipebook | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action. | |||||
| CVE-2010-4360 | 1 Jurpo | 1 Jurpopage | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-5024 | 1 Cutesite | 1 Cutesite Cms | 2025-04-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0802 | 2 Aleinbeen, Invision Power Services | 2 \(nv2\) Awards, Invision Power Board | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. | |||||
| CVE-2012-2363 | 1 Moodle | 1 Moodle | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | |||||
| CVE-2013-6001 | 1 Cybozu | 1 Garoon | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2012-4060 | 1 Asp-dev | 1 Xm Forums | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp. | |||||
| CVE-2010-4500 | 1 Mrcgiguy | 1 Freeticket | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4925 | 1 Nuked-klan | 2 Nuked-klan, Partenaires Module | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||