Total
19004 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2025-04-12 | N/A |
| SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | ||||
| CVE-2015-2070 | 1 Etouch | 1 Samepage | 2025-04-12 | N/A |
| SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | ||||
| CVE-2014-100035 | 1 Licensepal | 1 Arcticdesk | 2025-04-12 | N/A |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-100031 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. | ||||
| CVE-2014-6233 | 1 Flat Manager Project | 1 Flat Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | ||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2016-9242 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. | ||||
| CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | ||||
| CVE-2015-6659 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | ||||
| CVE-2015-2314 | 1 Wpml | 1 Wpml | 2025-04-12 | N/A |
| SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | ||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2025-04-12 | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | ||||
| CVE-2014-5102 | 1 Vbulletin | 1 Vbulletin | 2025-04-12 | N/A |
| SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items. | ||||
| CVE-2012-6643 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2025-04-12 | N/A |
| SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-2824 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php. | ||||
| CVE-2015-3325 | 1 Wpsymposium | 1 Wp Symposium | 2025-04-12 | N/A |
| SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI. | ||||
| CVE-2014-5183 | 1 Simple Retail Menus Plugin Project | 1 Simple-retail-menus | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php. | ||||
| CVE-2014-5186 | 1 All Video Gallery Plugin Project | 1 All-video-gallery | 2025-04-12 | N/A |
| SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php. | ||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | ||||