Total
13008 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-2436 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2024-09-17 | N/A |
| SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | ||||
| CVE-2014-9345 | 1 Guruperl | 1 Advertise With Pleasure\! | 2024-09-17 | N/A |
| SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi. | ||||
| CVE-2018-7734 | 1 Afian | 1 Filerun | 2024-09-17 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=users§ion=cpanel&page=list request. | ||||
| CVE-2018-14472 | 1 Wuzhicms | 1 Wuzhicms | 2024-09-17 | N/A |
| An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. | ||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-09-17 | 9.8 Critical |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection, an attacker can use a union based injection query string to get databases schema and username/password. | ||||
| CVE-2008-0650 | 1 Simple Os Cms | 1 Simple Os Cms | 2024-09-17 | N/A |
| SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2024-09-17 | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | ||||
| CVE-2011-1915 | 1 Infor | 2 Eclient, Enspire Distribution Management Solution | 2024-09-17 | N/A |
| SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2024-09-17 | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | ||||
| CVE-2011-0467 | 1 Suse | 2 Studio Onsite, Studio Onsite Appliance | 2024-09-17 | N/A |
| A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. | ||||
| CVE-2018-7735 | 1 Afian | 1 Filerun | 2024-09-17 | N/A |
| Afian FileRun (before 2018.02.13) suffers from a remote SQL injection vulnerability, when logged in as superuser, via the search parameter in a /?module=metadata§ion=cpanel&page=list_filetypes request. | ||||
| CVE-2013-5091 | 1 Vtiger | 1 Vtiger Crm | 2024-09-17 | N/A |
| SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559. | ||||
| CVE-2013-3578 | 1 Wave | 2 Embassy Remote Administration Server, Embassy Remote Administration Server Help Desk | 2024-09-17 | N/A |
| SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server (ERAS) allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter (aka the search field), leading to execution of operating-system commands. | ||||
| CVE-2009-2779 | 1 Ajsquare | 1 Aj Matrix Dna | 2024-09-17 | N/A |
| SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. | ||||
| CVE-2014-4305 | 1 Nice | 1 Recording Express | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2024-09-17 | 9.8 Critical |
| SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before 2.1.11. | ||||
| CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2024-09-17 | 9.4 Critical |
| The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01. | ||||
| CVE-2008-5037 | 1 Elkagroup | 1 Image Gallery | 2024-09-17 | N/A |
| SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2012-3468 | 1 Ushahidi | 1 Ushahidi Platform | 2024-09-17 | N/A |
| Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. | ||||