Total
15388 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-10008 | 1 Eshop Project | 1 Eshop | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572. | |||||
| CVE-2013-10003 | 1 Telecomsoftware | 2 Samwin Agent, Samwin Contact Center | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2012-6719 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The sharebar plugin before 1.2.2 for WordPress has SQL injection. | |||||
| CVE-2012-5698 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| BabyGekko before 1.2.4 has SQL injection. | |||||
| CVE-2012-4383 | 1 Contao | 1 Contao | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| contao prior to 2.11.4 has a sql injection vulnerability | |||||
| CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | |||||
| CVE-2012-1259 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | |||||
| CVE-2012-1124 | 1 Phxeventmanager Project | 1 Phxeventmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | |||||
| CVE-2012-10011 | 1 Contus | 1 Hd Flv Player | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. | |||||
| CVE-2012-10009 | 1 404like Project | 1 404like | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | |||||
| CVE-2012-10008 | 1 Oneapp Project | 1 Oneapp | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483. | |||||
| CVE-2012-10006 | 1 Sigeprosi Project | 1 Sigeprosi | 2024-11-21 | 5.2 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability. | |||||
| CVE-2011-5266 | 1 Imperva | 1 Securesphere Web Application Firewall | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | |||||
| CVE-2011-5020 | 1 Online Tv Database Project | 1 Online Tv Database | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. | |||||
| CVE-2011-4094 | 1 Jara Project | 1 Jara | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Jara 1.6 has a SQL injection vulnerability. | |||||
| CVE-2011-3584 | 1 Guidestar | 1 Wec Discussion Forum | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. | |||||
| CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | |||||
| CVE-2011-2936 | 1 Elgg | 1 Elgg | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Elgg through 1.7.10 has a SQL injection vulnerability | |||||
| CVE-2011-2715 | 1 Drupal | 2 Data, Drupal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | |||||
| CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | |||||