Total
13006 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-4380 | 1 Valarsoft | 1 Webmatic | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. | ||||
| CVE-2010-1016 | 2 Laurent Foulloy, Typo3 | 2 Sav Filter Selectors, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2024-09-17 | N/A |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-18075 | 1 Wikidforum Project | 1 Wikidforum | 2024-09-17 | N/A |
| WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter. | ||||
| CVE-2009-4959 | 2 Stefan Koch, Typo3 | 2 T3m, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2010-0342 | 1 Typo3 | 2 Job Reports, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2018-11032 | 1 Gouguoyin | 1 Phprap | 2024-09-17 | N/A |
| PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the application/home/controller/project.php search() function. | ||||
| CVE-2020-7356 | 1 Cayintech | 1 Xpost | 2024-09-17 | 10 Critical |
| CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. Input passed via the GET parameter 'wayfinder_seqid' in wayfinder_meeting_input.jsp is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and execute SYSTEM commands. | ||||
| CVE-2012-3469 | 1 Ushahidi | 1 Ushahidi Platform | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php. | ||||
| CVE-2018-10595 | 1 Bd | 6 Database Manager, Inoqula\+, Kiestra Tla and 3 more | 2024-09-17 | N/A |
| A vulnerability in ReadA version 1.1.0.2 and previous allows an authorized user with access to a privileged account on a BD Kiestra system (Kiestra TLA, Kiestra WCA, and InoqulA+ specimen processor) to issue SQL commands, which may result in loss or corruption of data. | ||||
| CVE-2021-33180 | 1 Synology | 1 Media Server | 2024-09-17 | 7.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-2616 | 1 Datachecknh | 1 Sitepal | 2024-09-17 | N/A |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2017-1311 | 1 Ibm | 1 Insights Foundation For Energy | 2024-09-17 | N/A |
| IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. | ||||
| CVE-2022-29419 | 1 3xsocializer Project | 1 3xsocializer | 2024-09-17 | 6 Medium |
| SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 at WordPress possible for users with a low role like a subscriber or higher. | ||||
| CVE-2018-1252 | 1 Rsa | 1 Web Threat Detection | 2024-09-17 | N/A |
| RSA Web Threat Detection versions prior to 6.4, contain an SQL injection vulnerability in the Administration and Forensics applications. An authenticated malicious user with low privileges could potentially exploit this vulnerability to execute SQL commands on the back-end database to gain unauthorized access to the tool's monitoring and user information by supplying specially crafted input data to the affected application. | ||||
| CVE-2010-2690 | 2 Jooforge, Joomla | 2 Com Gamesbox, Joomla\! | 2024-09-17 | N/A |
| SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. | ||||
| CVE-2021-29090 | 1 Synology | 1 Photo Station | 2024-09-17 | 7.2 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors. | ||||
| CVE-2014-5182 | 1 Ostenta | 1 Yawpp | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php. | ||||
| CVE-2017-14600 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2024-09-17 | N/A |
| Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in cms/admin.lib.php via $_GET['del_black'], resulting in Information Disclosure. | ||||
| CVE-2014-3934 | 1 Phpnuke | 2 Php-nuke, Submit News Module | 2024-09-17 | N/A |
| SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | ||||