Total
11322 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-3906 | 1 Kk-osk | 2 Advance-flow, Advance-flow Forms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-2351 | 1 Controlsystemworks | 1 Csworks | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the LiveData service in CSWorks before 2.5.5233.0 allows remote attackers to execute arbitrary SQL commands via vectors related to pathnames contained in web API requests. | |||||
CVE-2014-9237 | 1 Proticaret | 1 Proticaret | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. | |||||
CVE-2014-0821 | 1 Cybozu | 1 Garoon | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | |||||
CVE-2015-2065 | 1 Apptha | 1 Wordpress Video Gallery | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. | |||||
CVE-2014-1455 | 1 Pearson | 1 Esis Enterprise Student Information System | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password. | |||||
CVE-2014-3336 | 1 Cisco | 1 Unity Connection | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the web framework in Cisco Unity Connection 9.1(2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted request, aka Bug ID CSCuq31016. | |||||
CVE-2014-100012 | 1 Sendy | 1 Sendy | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | |||||
CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
CVE-2014-6242 | 1 Tips And Tricks Hq | 1 All In One Wordpress Security And Firewall | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2015-1442 | 1 Aas9 | 1 Zerocms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034. | |||||
CVE-2012-4240 | 1 Group-office | 1 Groupoffice | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. | |||||
CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||||
CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | |||||
CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | |||||
CVE-2014-7959 | 1 Ait-pro | 1 Bulletproof Security | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | |||||
CVE-2014-3857 | 1 Kerio | 1 Control | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php. | |||||
CVE-2013-4662 | 1 Civicrm | 1 Civicrm | 2023-12-10 | 6.5 MEDIUM | N/A |
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick. | |||||
CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | |||||
CVE-2013-3294 | 1 Exponentcms | 1 Exponent Cms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php. |