Total
15140 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5698 | 1 Babygekko | 1 Babygekko | 2024-11-21 | 8.8 High |
| BabyGekko before 1.2.4 has SQL injection. | ||||
| CVE-2012-4383 | 1 Contao | 1 Contao | 2024-11-21 | 8.8 High |
| contao prior to 2.11.4 has a sql injection vulnerability | ||||
| CVE-2012-3336 | 2 Ibm, Linux | 2 Infosphere Guardium, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. | ||||
| CVE-2012-1259 | 1 Plixer | 1 Scrutinizer Netflow \& Sflow Analyzer | 2024-11-21 | 9.8 Critical |
| Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. | ||||
| CVE-2012-1124 | 1 Phxeventmanager Project | 1 Phxeventmanager | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | ||||
| CVE-2012-10011 | 1 Contus | 1 Hd Flv Player | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. | ||||
| CVE-2012-10009 | 1 404like Project | 1 404like | 2024-11-21 | 7.3 High |
| A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | ||||
| CVE-2011-5266 | 1 Imperva | 1 Securesphere Web Application Firewall | 2024-11-21 | 9.8 Critical |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. | ||||
| CVE-2011-5020 | 1 Online Tv Database Project | 1 Online Tv Database | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. | ||||
| CVE-2011-4094 | 1 Jara Project | 1 Jara | 2024-11-21 | 9.8 Critical |
| Jara 1.6 has a SQL injection vulnerability. | ||||
| CVE-2011-3584 | 1 Guidestar | 1 Wec Discussion Forum | 2024-11-21 | 9.8 Critical |
| The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. | ||||
| CVE-2011-3583 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 9.8 Critical |
| It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. | ||||
| CVE-2011-2936 | 1 Elgg | 1 Elgg | 2024-11-21 | 9.8 Critical |
| Elgg through 1.7.10 has a SQL injection vulnerability | ||||
| CVE-2011-2715 | 1 Drupal | 2 Data, Drupal | 2024-11-21 | 9.8 Critical |
| An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0-alpha14 due to insufficient sanitization of table names or column names. | ||||
| CVE-2011-1939 | 3 Debian, Php, Zend | 3 Debian Linux, Php, Zend Framework | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Zend Framework 1.10.x before 1.10.9 and 1.11.x before 1.11.6 when using non-ASCII-compatible encodings in conjunction PDO_MySql in PHP before 5.3.6. | ||||
| CVE-2011-1933 | 1 Jifty\ | 1 \ | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Jifty::DBI before 0.68. | ||||
| CVE-2011-1151 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 9.1 Critical |
| Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and filer_order_Dir parameters. | ||||
| CVE-2011-10002 | 1 Weblabyrinth Project | 1 Weblabyrinth | 2024-11-21 | 5.5 Medium |
| A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. | ||||
| CVE-2011-10001 | 1 Phoenixcf Project | 1 Phoenixcf | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491. | ||||
| CVE-2011-0467 | 1 Suse | 2 Studio Onsite, Studio Onsite Appliance | 2024-11-21 | N/A |
| A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. | ||||