Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3470 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.
CVE-2012-2908 1 Viscacha 1 Viscacha 2025-04-11 N/A
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
CVE-2012-3468 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php.
CVE-2012-3032 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.
CVE-2012-2962 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
CVE-2012-2961 1 Symantec 1 Web Gateway 2025-04-11 N/A
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2338 1 Johan Cwiklinski 1 Galette 2025-04-11 N/A
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
CVE-2011-1100 1 Pixelpost 1 Pixelpost 2025-04-11 N/A
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
CVE-2012-2332 1 S9y 1 Serendipity 2025-04-11 N/A
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2012-2325 1 Mybb 1 Mybb 2025-04-11 N/A
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1022 1 4homepages 1 4images 2025-04-11 N/A
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
CVE-2013-5673 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
CVE-2012-1815 1 Emerson 3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation 2025-04-11 N/A
SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1778 1 Createvision 1 Createvision Cms 2025-04-11 N/A
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-1777 1 F5 1 Firepass 2025-04-11 N/A
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
CVE-2012-1780 1 Socialcms 1 Socialcms 2025-04-11 N/A
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2012-1656 2 Drupal, Wesjones 2 Drupal, Multisite Search 2025-04-11 N/A
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.
CVE-2012-1225 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
CVE-2011-0432 1 Simon Pamies 1 Pywebdav 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
CVE-2011-0407 1 Phenotype-cms 1 Phenotype Cms 2025-04-11 N/A
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.