Total
13007 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-3934 | 1 Phpnuke | 2 Php-nuke, Submit News Module | 2024-09-17 | N/A |
| SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | ||||
| CVE-2014-5180 | 1 Hdwplayer | 1 Hdw-player-video-player-video-gallery | 2024-09-17 | N/A |
| SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php. | ||||
| CVE-2010-4986 | 1 Cafuego | 1 Simple Document Management System | 2024-09-17 | N/A |
| SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter. | ||||
| CVE-2009-4711 | 2 Jan Bednarik, Typo3 | 2 Cooluri, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686. | ||||
| CVE-2022-33960 | 1 Supsystic | 1 Social Share Buttons | 2024-09-17 | 8.5 High |
| Multiple Authenticated (subscriber or higher user role) SQL Injection (SQLi) vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | ||||
| CVE-2015-6512 | 1 Codelogic | 1 Freichat | 2024-09-17 | N/A |
| SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php. | ||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | 9.8 Critical |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | ||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2024-09-17 | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | ||||
| CVE-2014-4850 | 1 Foecms | 1 Foecms | 2024-09-17 | N/A |
| SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. | ||||
| CVE-2010-2317 | 1 Wmsdesign | 1 Wmscms | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp. | ||||
| CVE-2012-3032 | 1 Siemens | 2 Simatic Pcs7, Wincc | 2024-09-17 | N/A |
| SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message. | ||||
| CVE-2010-4891 | 2 Andreas Kiefer, Typo3 | 2 Ke Yac, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2021-43925 | 1 Synology | 1 Diskstation Manager | 2024-09-17 | 4.7 Medium |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | ||||
| CVE-2022-42497 | 1 Api2cart | 1 Api2cart Bridge Connector | 2024-09-17 | 10 Critical |
| Arbitrary Code Execution vulnerability in Api2Cart Bridge Connector plugin <= 1.1.0 on WordPress. | ||||
| CVE-2017-11088 | 1 Qualcomm | 28 Msm8909w, Msm8909w Firmware, Msm8996au and 25 more | 2024-09-17 | N/A |
| Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. | ||||
| CVE-2014-8363 | 1 Wordpress Spreadsheet Project | 1 Wordpress Spreadsheet | 2024-09-17 | N/A |
| SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. | ||||
| CVE-2010-4771 | 1 Matteoiammarrone | 1 S-cms | 2024-09-17 | N/A |
| SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2008-3754 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2024-09-17 | N/A |
| SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2022-2177 | 1 Kayrasoft | 1 Kayrasoft | 2024-09-17 | 9.4 Critical |
| Kayrasoft product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2. | ||||
| CVE-2021-3958 | 1 Ipack | 1 Scada Automation | 2024-09-17 | 9.8 Critical |
| Improper Handling of Parameters vulnerability in Ipack Automation Systems Ipack SCADA Software allows : Blind SQL Injection.This issue affects Ipack SCADA Software: from unspecified before 1.1.0. | ||||