Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3602 1 Trivantis 1 Coursemill Learning Management System 2025-04-11 N/A
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter.
CVE-2013-1163 1 Cisco 1 Connected Grid Network Management System 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746.
CVE-2013-3578 1 Wave 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk 2025-04-11 N/A
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands.
CVE-2010-1874 2 Com-property, Joomla 2 Com Properties, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2013-3537 1 Wesley Destailleur 1 Todoo Forum 2025-04-11 N/A
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
CVE-2013-3536 1 Whmcs 2 Group Pay, Whmcs 2025-04-11 N/A
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.
CVE-2013-7189 1 Iscripts 1 Autohoster 2025-04-11 N/A
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
CVE-2010-0724 1 Mhd Zaher Ghaibeh 1 Arab Cart 2025-04-11 N/A
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0723 1 Mhproducts 1 Ero Auktion 2025-04-11 N/A
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0721 1 Systemsoftware 1 Auktionshaus Gelb 2025-04-11 N/A
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-0720 1 Systemsoftware 1 Erotik Auktionshaus 2025-04-11 N/A
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-3531 1 Radiocms 1 Radiocms 2025-04-11 N/A
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2010-0375 1 Jce-tech 1 Php Calendars Script 2025-04-11 N/A
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2013-3530 2 Fabricio Zuardi, Wordpress 2 Xspf Player Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2010-0377 1 Phpmyspace 1 Phpmyspace 2025-04-11 N/A
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information.
CVE-2013-3527 1 Vanillaforums 1 Vanilla 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
CVE-2013-3525 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVE-2013-6936 1 Mybb 1 Ajax Forum Stat 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
CVE-2013-6341 1 Dokeos 1 Dokeos 2025-04-11 N/A
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2013-3721 1 Psychostats 1 Psychostats 2025-04-11 N/A
SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter.