Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4658 1 Milw0rm Project 1 Milw0rm Clone Script 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
CVE-2015-4628 1 Limesurvey 1 Limesurvey 2025-04-12 N/A
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2015-4614 1 Easy2map Project 1 Easy2map 2025-04-12 N/A
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.
CVE-2015-4613 1 Developer Log Project 1 Developer Log 2025-04-12 N/A
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4611 1 Smoelenboek Project 1 Smoelenboek 2025-04-12 N/A
SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4610 1 Store Locator Project 1 Store Locator 2025-04-12 N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4609 1 Wt Directory Project 1 Wt Directory 2025-04-12 N/A
SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-0735 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-12 N/A
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
CVE-2014-2211 1 Posh Project 1 Posh 2025-04-12 N/A
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
CVE-2016-1000125 1 Huge-it 1 Huge-it Catalog 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
CVE-2016-10096 1 Genixcms 1 Genixcms 2025-04-12 N/A
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the activation parameter.
CVE-2014-3055 1 Ibm 2 Websphere Portal, Websphere Portal Unified Task List Portlet 2025-04-12 N/A
SQL injection vulnerability in the Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1560 1 Centreon 1 Centreon 2025-04-12 N/A
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
CVE-2014-3041 1 Ibm 1 Emptoris Contract Management 2025-04-12 N/A
SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 iFix 10, 10.0.0.x before 10.0.0.1 iFix 10, 10.0.1.x before 10.0.1.4, and 10.0.2.x before 10.0.2.2 iFix 2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5668 1 Techno Project Japan 1 Enisys Gw 2025-04-12 N/A
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2679 1 Genixcms 1 Genixcms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVE-2013-1803 1 Php-fusion 1 Php-fusion 2025-04-12 N/A
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375.
CVE-2014-2238 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
SQL injection vulnerability in the manage configuration page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filter_config_id parameter.
CVE-2014-2008 1 Mpay24 Project 1 Mpay24 2025-04-12 N/A
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
CVE-2012-3820 1 Arialsoftware 1 Campaign Enterprise 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.