Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-4503 1 Aigaion 1 Aigaion 2025-04-11 N/A
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
CVE-2010-4904 2 Joomla, Simon Philips 2 Joomla\!, Com Aardvertiser 2025-04-11 N/A
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4905 1 Softbizscripts 1 Article Directory Script 2025-04-11 N/A
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.
CVE-2010-4906 1 Zenphoto 1 Zenphoto 2025-04-11 N/A
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-4915 1 Coldgen 1 Coldbookmarks 2025-04-11 N/A
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
CVE-2010-4921 1 Dmxready 1 Polling Booth Manager 2025-04-11 N/A
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
CVE-2010-0471 1 Enanocms 1 Enanocms 2025-04-11 N/A
SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2010-4982 1 Mykazaam 1 Address \& Contact Organizer 2025-04-11 N/A
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.
CVE-2010-4505 1 Injader 1 Injader 2025-04-11 N/A
Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.
CVE-2013-3412 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuh81766.
CVE-2012-6496 4 Cloudforms Cloudengine, Redhat, Rhel Sam and 1 more 5 1, Openshift, 1.1 and 2 more 2025-04-11 N/A
SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x before 3.1.9, and 3.2.x before 3.2.10 allows remote attackers to execute arbitrary SQL commands via a crafted request that leverages incorrect behavior of dynamic finders in applications that can use unexpected data types in certain find_by_ method calls.
CVE-2010-0605 1 Osticket 1 Osticket 2025-04-11 N/A
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
CVE-2010-2915 1 Ajsquare 1 Aj Hyip 2025-04-11 N/A
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4989 1 Farsi-cms 1 Ziggurat Farsi Cms 2025-04-11 N/A
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
CVE-2010-4990 2 B-elektro, Joomla 2 Com Addressbook, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.
CVE-2010-4993 2 Joomla, Kay Messerschmidt 2 Joomla\!, Com Eventcal 2025-04-11 N/A
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2012-6497 1 Rubyonrails 1 Rails 2025-04-11 N/A
The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentially unsafe find_by_id method calls, which might allow remote attackers to conduct CVE-2012-6496 SQL injection attacks via a crafted parameter in environments that have a known secret_token value, as demonstrated by a value contained in secret_token.rb in an open-source product.
CVE-2010-4782 1 Softwebsnepal 1 Ananda Real Estate 2025-04-11 N/A
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
CVE-2013-3522 1 Vbulletin 1 Vbulletin 2025-04-11 N/A
SQL injection vulnerability in index.php/ajax/api/reputation/vote in vBulletin 5.0.0 Beta 11, 5.0.0 Beta 28, and earlier allows remote authenticated users to execute arbitrary SQL commands via the nodeid parameter.
CVE-2009-4862 1 Abushhab 1 Alwasel 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.