Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-100020 1 Itechscripts 1 Itechclassifieds 2025-04-12 N/A
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
CVE-2014-8681 1 Gogits 1 Gogs 2025-04-12 N/A
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
CVE-2015-0161 1 Ibm 1 Security Siteprotector System 2025-04-12 N/A
SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0894 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-0919 1 Sefrengo 1 Sefrengo 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
CVE-2015-1000003 1 Filedownload Project 1 Filedownload 2025-04-12 N/A
Blind SQL Injection in filedownload v1.4 wordpress plugin
CVE-2015-1000011 1 Dukapress Project 1 Dukapress 2025-04-12 N/A
Blind SQL Injection in wordpress plugin dukapress v2.5.9
CVE-2015-1616 1 Mcafee 1 Data Loss Prevention Endpoint 2025-04-12 N/A
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2562 1 Web-dorado 1 Ecommerce Wd 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
CVE-2015-2563 1 Vastal 1 Phpvid 2025-04-12 N/A
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
CVE-2015-2564 1 Projectsend 1 Projectsend 2025-04-12 N/A
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
CVE-2015-2679 1 Genixcms 1 Genixcms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
CVE-2015-3325 1 Wpsymposium 1 Wp Symposium 2025-04-12 N/A
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
CVE-2015-3345 1 Phplist Integration Project 1 Phplist Integration 2025-04-12 N/A
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."
CVE-2015-3346 1 Wikiwiki Project 1 Wikiwiki 2025-04-12 N/A
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2070 1 Etouch 1 Samepage 2025-04-12 N/A
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
CVE-2015-3427 2 Debian, Quassel-irc 2 Debian Linux, Quassel 2025-04-12 N/A
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2015-4454 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
CVE-2015-4609 1 Wt Directory Project 1 Wt Directory 2025-04-12 N/A
SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.