Total: 13011 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-2807 | 1 Algan | 1 Prens Student Information System | 2024-09-17 | 9.8 Critical |
SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection. This issue affects Prens Student Information System: before 2.1.11. | ||||
CVE-2022-0495 | 1 Parantezteknoloji | 1 Koha Library Automation | 2024-09-17 | 9.4 Critical |
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in version 19.05.03.01. | ||||
CVE-2008-5037 | 1 Elkagroup | 1 Image Gallery | 2024-09-17 | N/A |
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
CVE-2012-3468 | 1 Ushahidi | 1 Ushahidi Platform | 2024-09-17 | N/A |
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media type to the timeline function in application/controllers/json.php. | ||||
CVE-2022-42924 | 1 Formalms | 1 Formalms | 2024-09-17 | 7.6 High |
Forma LMS version 3.1.0 and earlier is vulnerable to SQL injection. Exploitation of this vulnerability could allow an authenticated attacker (with the role of student) to perform a SQL injection on the 'dyn_filter' parameter in the 'appLms/ajax.adm_server.php?r=widget/userselector/getusertabledata' function in order to dump the entire database. | ||||
CVE-2013-4682 | 2 Bas Van Beek, Typo3 | 2 Multishop, Typo3 | 2024-09-17 | N/A |
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2015-0919 | 1 Sefrengo | 1 Sefrengo | 2024-09-17 | N/A |
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php. | ||||
CVE-2017-5812 | 1 Hp | 1 Network Automation | 2024-09-17 | N/A |
A remote SQL information disclosure vulnerability was found in HPE Network Automation versions 9.1x, 9.2x, 10.0x, 10.1x and 10.2x. | ||||
CVE-2010-4609 | 1 Html-edit | 1 Html-edit Cms | 2024-09-17 | N/A |
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. | ||||
CVE-2011-4829 | 2 Barter-sites, Joomla | 2 Com Listing, Joomla! | 2024-09-17 | N/A |
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | ||||
CVE-2021-38324 | 1 Smartypantsplugins | 1 Sp Rental Manager | 2024-09-17 | 8.2 High |
The SP Rental Manager WordPress plugin is vulnerable to SQL Injection via the orderby parameter found in the ~/user/shortcodes.php file which allows attackers to retrieve information contained in a site's database, in versions up to and including 1.5.3. | ||||
CVE-2022-41773 | 1 Deltaww | 1 Diaenergie | 2024-09-17 | 8.8 High |
The affected product DIAEnergie (versions prior to v1.9.01.002) is vulnerable to a SQL injection that exists in CheckDIACloud. A low-privileged authenticated attacker could exploit this issue to inject arbitrary SQL queries. | ||||
CVE-2013-5694 | 1 Opsview | 1 Opsview | 2024-09-17 | N/A |
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter. | ||||
CVE-2018-20572 | 1 Wuzhicms | 1 Wuzhicms | 2024-09-17 | N/A |
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893. | ||||
CVE-2010-2683 | 1 Customerparadigm | 1 Pagedirector Cms | 2024-09-17 | N/A |
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter. | ||||
CVE-2011-0519 | 1 Gallarific | 1 Php Photo Gallery Script | 2024-09-17 | N/A |
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2009-4802 | 2 Joachim Ruhs, Typo3 | 2 Flat Manager, Typo3 | 2024-09-17 | N/A |
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
CVE-2017-5663 | 1 Apache | 1 Fineract | 2024-09-17 | N/A |
In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. | ||||
CVE-2010-2826 | 1 Cisco | 1 Wireless Control System Software | 2024-09-17 | N/A |
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019. | ||||
CVE-2008-6338 | 2 Typo3, Weber-ebusiness | 2 Typo3, Wes Facilities | 2024-09-17 | N/A |
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |