Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6839 1 Instantsoft 1 Instantcms 2025-04-11 N/A
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
CVE-2014-0734 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in the Certificate Authority Proxy Function (CAPF) implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum46483.
CVE-2013-6873 1 Testa 1 Online Test Management System 2025-04-11 N/A
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
CVE-2013-6058 1 Apprain 1 Apprain 2025-04-11 N/A
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
CVE-2011-1663 2 Drupal, Icanlocalize 2 Drupal, Translation Management 2025-04-11 N/A
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2511 1 2daybiz 1 Multi Level Marketing Software 2025-04-11 N/A
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
CVE-2010-1604 1 Ncrypted 1 Nct Jobs Portal Script 2025-04-11 N/A
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
CVE-2011-1555 1 Aphpkb 1 Aphpkb 2025-04-11 N/A
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information.
CVE-2011-5110 1 John Geo 1 Blogs Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/.
CVE-2013-4386 2 Redhat, Theforeman 3 Openstack, Satellite, Foreman 2025-04-11 N/A
Multiple SQL injection vulnerabilities in app/models/concerns/host_common.rb in Foreman before 1.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) fqdn or (2) hostgroup parameter.
CVE-2013-5957 1 Civicrm 1 Civicrm 2025-04-11 N/A
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
CVE-2013-6164 1 Projeqtor 1 Projeqtor 2025-04-11 N/A
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
CVE-2010-3428 1 Intermesh 1 Group-office 2025-04-11 N/A
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
CVE-2009-4871 1 Logoshows 1 Logoshows Bbs 2025-04-11 N/A
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
CVE-2009-4925 1 Creasito 1 Creasito E-commerce Content Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.
CVE-2009-4935 1 Esoftpro 1 Online Guestbook Pro 2025-04-11 N/A
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.
CVE-2013-5354 1 Sharetronix 1 Sharetronix 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup.
CVE-2013-6001 1 Cybozu 1 Garoon 2025-04-11 N/A
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2009-5003 1 E-soft24 1 Banner Exchange Script 2025-04-11 N/A
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
CVE-2013-6172 1 Roundcube 1 Webmail 2025-04-11 N/A
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code.