Total
11302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-10004 | 1 Maianscriptworld | 1 Maian Uploader | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2014-9305 | 1 Reality66 | 1 Cart66 Lite | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php. | |||||
CVE-2014-8586 | 1 Cp Multi View Event Calendar Project | 1 Cp Multi View Event Calendar | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | |||||
CVE-2014-0728 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Java database interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05313. | |||||
CVE-2014-1636 | 1 Doug Poulin | 1 Command School Student Management System | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/. | |||||
CVE-2014-1608 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the mci_file_get function in api/soap/mc_file_api.php in MantisBT before 1.2.16 allows remote attackers to execute arbitrary SQL commands via a crafted envelope tag in a mc_issue_attachment_get SOAP request. | |||||
CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | |||||
CVE-2015-3345 | 1 Phplist Integration Project | 1 Phplist Integration | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database." | |||||
CVE-2014-5308 | 1 Testlink | 1 Testlink | 2023-12-10 | 9.0 HIGH | N/A |
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php. | |||||
CVE-2014-3339 | 1 Cisco | 2 Unified Communications Domain Manager, Unified Presence Server | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290. | |||||
CVE-2014-9347 | 1 Phpmyrecipes Project | 1 Phpmyrecipes | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter. | |||||
CVE-2012-5865 | 1 Achievo | 1 Achievo | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | |||||
CVE-2014-5104 | 1 Ol-commerce Project | 1 Ol-commerce | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php. | |||||
CVE-2014-2376 | 1 Ecava | 1 Integraxor | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-1400 | 1 Npds | 1 Revolution | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
CVE-2013-7375 | 1 Php-fusion | 1 Php-fusion | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803. | |||||
CVE-2013-4887 | 1 Springsignage | 1 Xibo | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. | |||||
CVE-2015-2183 | 1 Zeuscart | 1 Zeuscart | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. | |||||
CVE-2011-2944 | 1 Megalab | 1 The Uploader | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
CVE-2015-1517 | 1 Piwigo | 1 Piwigo | 2023-12-10 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php. |