Total
11321 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-0727 | 1 Cisco | 1 Unified Communications Manager | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318. | |||||
CVE-2014-6241 | 1 Wt Directory Project | 1 Wt Directory | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-5387 | 2 Ellislab, Expressionengine | 2 Expressionengine, Expressionengine | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | |||||
CVE-2015-1393 | 1 10web | 1 Photo Gallery | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. | |||||
CVE-2015-1423 | 1 Jakweb | 1 Gecko Cms | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | |||||
CVE-2014-8596 | 1 Php-fusion | 1 Php-fusion | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | |||||
CVE-2014-9239 | 2 Invisioncommunity, Invisionpower | 2 Invision Power Board, Invision Power Board | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter. | |||||
CVE-2015-2314 | 1 Wpml | 1 Wpml | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | |||||
CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | |||||
CVE-2014-4034 | 1 Aas9 | 1 Zerocms | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | |||||
CVE-2014-9102 | 1 Kunena | 1 Kunena | 2023-12-10 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php. | |||||
CVE-2014-8664 | 1 Sap | 1 Environment Health And Safety | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-4424 | 1 Apple | 1 Os X Server | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2014-9520 | 1 Infinitewp | 1 Infinitewp | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. | |||||
CVE-2014-8248 | 1 Broadcom | 1 Release Automation | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query. | |||||
CVE-2014-7867 | 1 Zohocorp | 3 Manageengine It360, Manageengine Opmanager, Manageengine Social It Plus | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter. | |||||
CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | |||||
CVE-2014-8668 | 1 Sap | 1 Contract Accounting | 2023-12-10 | 7.5 HIGH | N/A |
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | |||||
CVE-2014-9089 | 2 Debian, Mantisbt | 2 Debian Linux, Mantisbt | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php. |