Total: 13007 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2018-19952 | 1 Qnap | 2 Music Station, Qts | 2024-09-17 | 7.5 High |
If exploited, this SQL injection vulnerability could allow remote attackers to obtain application information. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11. | ||||
CVE-2009-0479 | 1 Onlinegrades | 1 Online Grades | 2024-09-17 | N/A |
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2010-4271 | 1 Impresscms | 1 Impresscms | 2024-09-17 | N/A |
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2015-2563 | 1 Vastal | 1 Phpvid | 2024-09-17 | N/A |
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. | ||||
CVE-2022-25980 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 9.8 Critical |
Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. | ||||
CVE-2010-0377 | 1 Phpmyspace | 1 Phpmyspace | 2024-09-17 | N/A |
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information. | ||||
CVE-2018-11373 | 1 Iscripts | 1 Eswap | 2024-09-17 | N/A |
iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter. | ||||
CVE-2015-2242 | 1 Webshophun | 1 Webshop Hun | 2024-09-17 | N/A |
Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | ||||
CVE-2017-1002023 | 1 Daisythemes | 1 Easy Team Manager | 2024-09-17 | N/A |
Vulnerability in WordPress plugin Easy Team Manager v1.3.2. The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php | ||||
CVE-2010-4929 | 2 Joomla, Joostina-cms | 2 Joomla!, Com Ezautos | 2024-09-17 | N/A |
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php. | ||||
CVE-2010-4703 | 1 Hotwebscripts | 1 Hotweb Rentals | 2024-09-17 | N/A |
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
CVE-2012-2332 | 1 S9y | 1 Serendipity | 2024-09-17 | N/A |
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF). | ||||
CVE-2012-4868 | 2 Joomla, Kunena | 2 Joomla!, Kunena | 2024-09-17 | N/A |
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2009-3059 | 1 Allpublication | 1 Jboard | 2024-09-17 | N/A |
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php. | ||||
CVE-2009-3498 | 1 Hbcms | 1 Hbcms | 2024-09-17 | N/A |
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | ||||
CVE-2021-35048 | 1 Fidelissecurity | 2 Deception, Network | 2024-09-17 | 9.8 Critical |
Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. The vulnerability could lead to exposure of authentication tokens in some versions of Fidelis software. The vulnerability is present in Fidelis Network and Deception versions prior to 9.3.7 and in version 9.4. Patches and updates are available to address this vulnerability. | ||||
CVE-2010-4357 | 1 Boka | 1 Siteengine | 2024-09-17 | N/A |
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. | ||||
CVE-2018-7767 | 1 Schneider-electric | 1 U.motion Builder | 2024-09-17 | N/A |
The vulnerability exists within processing of editobject.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the type input parameter. | ||||
CVE-2022-26669 | 1 Asus | 1 Control Center | 2024-09-17 | 8.8 High |
ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL commands into specific API parameters to acquire database schema or access data. | ||||
CVE-2017-18291 | 1 Pvpgn | 1 Stats | 2024-09-17 | N/A |
An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter. |