Total
13008 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-6586 | 1 Myrephp | 1 Myre Vacation Rental | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php. | ||||
| CVE-2018-12464 | 1 Microfocus | 1 Secure Messaging Gateway | 2024-09-17 | N/A |
| A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create an administrative account and used in conjunction with CVE-2018-12465 to achieve unauthenticated remote code execution. Affects Micro Focus Secure Messaging Gateway versions prior to 471. It does not affect previous versions of the product that use the GWAVA product name (i.e. GWAVA 6.5). | ||||
| CVE-2013-1748 | 1 Chatelao | 1 Php Address Book | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | ||||
| CVE-2019-4483 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-09-17 | 9.8 Critical |
| IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 164067. | ||||
| CVE-2021-22856 | 1 Changjia Property Management System Project | 1 Changjia Property Management System | 2024-09-17 | 9.8 Critical |
| The CGE property management system contains SQL Injection vulnerabilities. Remote attackers can inject SQL commands into the parameters in Cookie and obtain data in the database without privilege. | ||||
| CVE-2010-2516 | 1 2daybiz | 1 Multi Level Marketing Software | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2020-13567 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-09-17 | 9.8 Critical |
| Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2014-7153 | 1 Huge-it | 1 Image Gallery | 2024-09-17 | N/A |
| SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php. | ||||
| CVE-2019-3792 | 1 Pivotal Software | 1 Concourse | 2024-09-17 | N/A |
| Pivotal Concourse version 5.0.0, contains an API that is vulnerable to SQL injection. An Concourse resource can craft a version identifier that can carry a SQL injection payload to the Concourse server, allowing the attacker to read privileged data. | ||||
| CVE-2017-15539 | 1 Zorovavi\/blog Project | 1 Zorovavi\/blog | 2024-09-17 | N/A |
| SQL Injection exists in zorovavi/blog through 2017-10-17 via the id parameter to recept.php. | ||||
| CVE-2019-11821 | 1 Synology | 1 Photo Station | 2024-09-17 | 7.3 High |
| SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter. | ||||
| CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2024-09-17 | N/A |
| SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | ||||
| CVE-2019-6127 | 1 Xiaocms | 1 Xiaocms | 2024-09-17 | N/A |
| An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table[] SQL injection. This can be used for PHP code execution via "INTO OUTFILE" with a .php filename. | ||||
| CVE-2011-1557 | 1 Icloudcenter | 1 Icjobsite | 2024-09-17 | N/A |
| SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2020-3934 | 1 Secom | 2 Dr.id Access Control, Dr.id Attendance System | 2024-09-17 | 9.8 Critical |
| TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command. | ||||
| CVE-2012-1234 | 1 Advantech | 1 Advantech Webaccess | 2024-09-17 | N/A |
| SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234. | ||||
| CVE-2017-18287 | 1 Pvpgn | 1 Stats | 2024-09-17 | N/A |
| An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter. | ||||
| CVE-2012-3873 | 1 Openconstructor Project | 1 Openconstructor | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | ||||
| CVE-2017-1000120 | 1 Frappe | 1 Frappe | 2024-09-17 | N/A |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | ||||
| CVE-2022-27613 | 1 Synology | 1 Carddav Server | 2024-09-17 | 8.3 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors. | ||||