Total
13007 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2128 | 1 Elvinbts | 1 Elvinbts | 2024-09-17 | N/A |
| SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field. | ||||
| CVE-2012-3881 | 1 Adrian Chadd | 2 Rtg, Rtg2 | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php. | ||||
| CVE-2010-0344 | 1 Typo3 | 2 Typo3, Zak Store Management | 2024-09-17 | N/A |
| SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-09-17 | 7 High |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | ||||
| CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2024-09-17 | N/A |
| zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx. | ||||
| CVE-2012-1603 | 1 Nextbbs | 1 Nextbbs | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | ||||
| CVE-2010-1006 | 1 Typo3 | 2 Brainstorming, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2017-1002013 | 1 Anblik | 1 Image-gallery-with-slideshow | 2024-09-17 | N/A |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php. | ||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-1480 | 1 Phpnuke | 1 Php-nuke | 2024-09-17 | N/A |
| SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | ||||
| CVE-2023-47990 | 1 Cuppacms | 1 Cuppacms | 2024-09-17 | 9.8 Critical |
| SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter. | ||||
| CVE-2018-19925 | 1 Sales \& Company Management System Project | 1 Sales \& Company Management System | 2024-09-17 | N/A |
| An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. It has SQL injection via the member/member_order.php type parameter, related to the O_state parameter. | ||||
| CVE-2021-21024 | 1 Magento | 1 Magento | 2024-09-17 | N/A |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are affected by a blind SQL injection vulnerability in the Search module. Successful exploitation could lead to unauthorized access to restricted resources by an unauthenticated attacker. Access to the admin console is required for successful exploitation. | ||||
| CVE-2019-4032 | 1 Ibm | 1 Financial Transaction Manager | 2024-09-17 | 9.8 Critical |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-ForceID: 155998. | ||||
| CVE-2010-0381 | 1 Phpmyspace | 1 Phpmyspace | 2024-09-17 | N/A |
| SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2009-4390 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2024-09-17 | N/A |
| SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-6588 | 1 Myrephp | 1 Myre Business Directory | 2024-09-17 | N/A |
| SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2021-31869 | 1 Pimcore | 1 Adminbundle | 2024-09-17 | 6.5 Medium |
| Pimcore AdminBundle version 6.8.0 and earlier suffers from a SQL injection issue in the specificID variable used by the application. This issue was fixed in version 6.9.4 of the product. | ||||
| CVE-2019-9693 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-09-17 | N/A |
| In CMS Made Simple (CMSMS) before 2.2.10, an authenticated user can achieve SQL Injection in class.showtime2_data.php via the functions _updateshow (parameter show_id), _inputshow (parameter show_id), _Getshowinfo (parameter show_id), _Getpictureinfo (parameter picture_id), _AdjustNameSeq (parameter shownumber), _Updatepicture (parameter picture_id), and _Deletepicture (parameter picture_id). | ||||