Total
16170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4619 | 2 Joomla, Lucygames | 2 Joomla\!, Com Lucygames | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-3469 | 1 Ushahidi | 1 Ushahidi Platform | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. | |||||
| CVE-2012-0036 | 1 Curl | 2 Curl, Libcurl | 2025-04-11 | 7.5 HIGH | N/A |
| curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. | |||||
| CVE-2012-4281 | 1 Itechscripts | 1 Travelon Express | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php. | |||||
| CVE-2012-5967 | 1 Merethis | 1 Centreon | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | |||||
| CVE-2013-5321 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | |||||
| CVE-2010-1740 | 1 Freeguppy | 1 Guppy | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter. | |||||
| CVE-2010-5033 | 1 Fusebox | 1 Fusebox | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter. | |||||
| CVE-2013-6243 | 1 Landing Pages Project | 1 Landing Pages Plugin | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | |||||
| CVE-2010-2095 | 1 Cmsqlite | 1 Cmsqlite | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2009-4967 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-2689 | 1 Internetdm | 1 Webdm Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter. | |||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2025-04-11 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | |||||
| CVE-2010-2317 | 1 Wmsdesign | 1 Wmscms | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp. | |||||
| CVE-2010-5017 | 1 Eliteladders | 1 Elite Gaming Ladders | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter. | |||||
| CVE-2012-0728 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-1078 | 1 Sphere.xlentprojects | 1 Spherecms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism. | |||||
| CVE-2010-4791 | 2 Marcusg, Php-fusion | 2 Mg User Fotoalbum Panel, Php-fusion | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. | |||||
| CVE-2011-4673 | 2 Automattic, Wordpress | 2 Jetpack, Wordpress | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2012-1672 | 1 Useasdf 4444 | 1 Hotel Booking Portal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter. | |||||