Total
15369 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-15020 | 1 Liftkit Database Library Project | 1 Liftkit Database Library | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in liftkit database up to 2.13.1. It has been classified as critical. This affects the function processOrderBy of the file src/Query/Query.php. The manipulation leads to sql injection. Upgrading to version 2.13.2 is able to address this issue. The patch is named 42ec8f2b22e0b0b98fb5b4444ed451c1b21d125a. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218391. | |||||
| CVE-2016-15018 | 1 Krail-jpa Project | 1 Krail-jpa | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in krail-jpa up to 0.9.1. It has been classified as critical. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version 0.9.2 is able to address this issue. The identifier of the patch is c1e848665492e21ef6cc9be443205e36b9a1f6be. It is recommended to upgrade the affected component. The identifier VDB-218373 was assigned to this vulnerability. | |||||
| CVE-2016-15016 | 1 Joomla Mod Einsatz Stats Project | 1 Joomla Mod Einsatz Stats | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to sql injection. Upgrading to version 0.3 is able to address this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability. | |||||
| CVE-2016-15013 | 1 Forumhulp | 1 Search Results | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in ForumHulp searchresults. It has been rated as critical. Affected by this issue is the function list_keywords of the file event/listener.php. The manipulation of the argument word leads to sql injection. The name of the patch is dd8a312bb285ad9735a8e1da58e9e955837b7322. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217628. | |||||
| CVE-2016-15012 | 1 Salesforce | 1 Mobile Software Development Kit | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in forcedotcom SalesforceMobileSDK-Windows up to 4.x. It has been rated as critical. This issue affects the function ComputeCountSql of the file SalesforceSDK/SmartStore/Store/QuerySpec.cs. The manipulation leads to sql injection. Upgrading to version 5.0.0 is able to address this issue. The patch is named 83b3e91e0c1e84873a6d3ca3c5887eb5b4f5a3d8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217619. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-11024 | 1 Odata4j Project | 1 Odata4j | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | |||||
| CVE-2016-11023 | 1 Odata4j Project | 1 Odata4j | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. | |||||
| CVE-2016-11018 | 1 Huge-it | 1 Image Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). | |||||
| CVE-2016-11000 | 1 Smackcoders | 1 Ultimate Exporter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. | |||||
| CVE-2016-10951 | 1 Firestormplugins | 1 Fs-shopping-cart | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. | |||||
| CVE-2016-10950 | 1 Sirv | 1 Sirv | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10949 | 1 Relevanssi | 1 Relevanssi | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. | |||||
| CVE-2016-10947 | 1 Post Indexer Project | 1 Post Indexer | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. | |||||
| CVE-2016-10943 | 1 Zx-csv-upload Project | 1 Zx-csv-upload | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10942 | 1 Podlove | 1 Podlove Podcast Publisher | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. | |||||
| CVE-2016-10940 | 1 Zm-gallery Project | 1 Zm-gallery | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. | |||||
| CVE-2016-10939 | 1 Xtremelocator | 1 Xtremelocator | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. | |||||
| CVE-2016-10921 | 1 Ays-pro | 1 Photo Gallery | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. | |||||
| CVE-2016-10917 | 1 Search Everything Project | 1 Search Everything | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. | |||||
| CVE-2016-10916 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. | |||||