Search Results (19026 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2721 1 Rightinpoint 1 Lyrics Engine 2025-04-11 N/A
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
CVE-2013-7192 1 Etoshop 1 Dynamic Biz Website Builder Quickweb 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
CVE-2010-0690 1 Commodityrentals 1 Video Games Rentals 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.
CVE-2011-4066 1 Sir 1 Gnuboard 2025-04-11 N/A
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
CVE-2013-7139 1 Cynthia Fridsma 1 Horizon Quick Content Management System 2025-04-11 N/A
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
CVE-2011-4215 1 Oneorzero 1 Aims 2025-04-11 N/A
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
CVE-2013-7096 1 Sap 1 Emr Unwired 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2826 1 Cisco 1 Wireless Control System Software 2025-04-11 N/A
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.
CVE-2011-1060 1 Webmastersite 1 Wsn Guest 2025-04-11 N/A
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
CVE-2013-7094 1 Sap 1 Netweaver 2025-04-11 N/A
SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-7092 1 Mcafee 1 Email Gateway 2025-04-11 N/A
Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys.
CVE-2010-1499 1 Musicboxv2 1 Musicbox 2025-04-11 N/A
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-3989 1 Hiroyuki Oyama 1 Dbd\ 2025-04-11 N/A
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-3838 1 Wuzly 1 Wuzly 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php.
CVE-2011-3831 1 Sitracker 1 Support Incident Tracker 2025-04-11 N/A
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.
CVE-2013-6985 1 Enorth 1 Webpublisher Cms 2025-04-11 N/A
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
CVE-2011-3130 1 Wordpress 1 Wordpress 2025-04-11 N/A
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.
CVE-2013-6983 1 Cisco 1 Unified Presence Server 2025-04-11 N/A
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
CVE-2013-6930 1 Cybozu 1 Garoon 2025-04-11 N/A
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929.
CVE-2010-2907 2 Huruhelpdesk, Joomla 2 Com Huruhelpdesk, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.