Total
19703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-4257 | 1 Wordpress | 1 Wordpress | 2026-06-16 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | |||||
| CVE-2010-4186 | 1 Onlinetechtools.com | 1 Oasys Professional | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4185 | 1 Energine | 1 Energine | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie. | |||||
| CVE-2010-4166 | 1 Joomla | 1 Joomla\! | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | |||||
| CVE-2010-4152 | 1 4site | 1 4site Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646. | |||||
| CVE-2010-4151 | 1 Deluxebb | 1 Deluxebb | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. | |||||
| CVE-2010-4147 | 1 Avactis | 1 Avactis Shopping Cart | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. | |||||
| CVE-2010-4144 | 1 Aspindir | 1 Kisisel Radyo Script | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. | |||||
| CVE-2010-4143 | 1 Phpcheckz | 1 Phpcheckz | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4006 | 2 Wsn, Wsnlinks | 3 Links, Wsn Links, Wsn Links | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. | |||||
| CVE-2010-3929 | 1 Modxcms | 1 Evolution | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. | |||||
| CVE-2010-3924 | 1 Aimluck | 1 Aipo | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3922 | 1 Sixapart | 1 Movabletype | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3662 | 1 Typo3 | 1 Typo3 | 2026-06-16 | 6.5 MEDIUM | 8.8 HIGH |
| TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. | |||||
| CVE-2010-3608 | 1 Wire Plastic Design | 1 Wpquiz | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php. | |||||
| CVE-2010-3604 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-3601 | 1 Invisionpower | 1 Ibphotohost | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | |||||
| CVE-2010-3485 | 1 Lightneasy | 1 Lightneasy | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-3484 | 1 Lightneasy | 1 Lightneasy | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | |||||
| CVE-2010-3482 | 1 Bouzouste | 1 Primitive Cms | 2026-06-16 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. | |||||
