Total
13005 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-4650 | 1 Ibm | 1 Maximo Asset Management | 2024-09-17 | 6.3 Medium |
| IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | ||||
| CVE-2008-7120 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2024-09-17 | N/A |
| SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. | ||||
| CVE-2013-3536 | 1 Whmcs | 2 Group Pay, Whmcs | 2024-09-17 | N/A |
| SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter. | ||||
| CVE-2010-5096 | 2 Mybb, Mybboard | 2 Mybb, Mybb | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error. | ||||
| CVE-2017-1670 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-09-17 | N/A |
| IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 133637. | ||||
| CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2024-09-17 | N/A |
| E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | ||||
| CVE-2022-34877 | 1 Vicidial | 1 Vicidial | 2024-09-17 | 6.4 Medium |
| SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. | ||||
| CVE-2015-6513 | 1 J2store | 1 J2store | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php. | ||||
| CVE-2010-0956 | 1 Opencart | 1 Opencart | 2024-09-17 | N/A |
| SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2019-8423 | 1 Zoneminder | 1 Zoneminder | 2024-09-17 | N/A |
| ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter. | ||||
| CVE-2011-1522 | 1 Doctrine-project | 5 Doctrine, Doctrine1.2.0, Doctrine1.2.1 and 2 more | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field. | ||||
| CVE-2018-1289 | 1 Apache | 1 Fineract | 2024-09-17 | N/A |
| In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, the system exposes different REST end points to query domain specific entities with a Query Parameter 'orderBy' and 'sortOrder' which are appended directly with SQL statements. A hacker/user can inject/draft the 'orderBy' and 'sortOrder' query parameter in such a way to read/update the data for which he doesn't have authorization. | ||||
| CVE-2018-1994 | 1 Ibm | 2 Infosphere Information Server On Cloud, Infosphere Metadata Asset Manager | 2024-09-17 | N/A |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 154494. | ||||
| CVE-2010-1004 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2019-6691 | 1 Phpwind | 1 Phpwind | 2024-09-17 | N/A |
| phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb[] parameter, related to the "--backup database" option. | ||||
| CVE-2017-1757 | 1 Ibm | 1 Security Guardium | 2024-09-17 | N/A |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. | ||||
| CVE-2018-1414 | 1 Ibm | 2 Maximo Asset Management, Maximo Asset Management Essentials | 2024-09-17 | N/A |
| IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 138820. | ||||
| CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2019-12681 | 1 Cisco | 1 Firepower Management Center | 2024-09-17 | 8.8 High |
| Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary SQL injections on an affected device. These vulnerabilities exist due to improper input validation. An attacker could exploit these vulnerabilities by sending crafted SQL queries to an affected device. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, and execute commands within the underlying operating system that may affect the availability of the device. | ||||
| CVE-2009-4838 | 1 Secureideas | 1 Basic Analysis And Security Engine | 2024-09-17 | N/A |
| SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. | ||||