Total
14628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | |||||
| CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | |||||
| CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | |||||
| CVE-2015-8298 | 1 Rxtec | 1 Rxadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm. | |||||
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | |||||
| CVE-2015-7342 | 1 Joobi | 1 Jnews | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | |||||
| CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | |||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | |||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. | |||||
| CVE-2015-5617 | 1 Enorth | 1 Webpublisher Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | |||||
| CVE-2015-5591 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands. | |||||
| CVE-2015-4633 | 1 Koha | 1 Koha | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | |||||
| CVE-2015-4615 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables | |||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | |||||
| CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | |||||
| CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | |||||
| CVE-2015-2062 | 2 Huge-it, Microsoft | 2 Huge-it Slider, Windows | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | |||||
| CVE-2015-10126 | 1 Steven Ellis | 1 Easy2map Photos | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10124 | 1 Smartfan | 1 Most Popular Posts Widget | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability. | |||||
| CVE-2015-10122 | 1 Wp Donate Project | 1 Wp Donate | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability. | |||||