Export limit exceeded: 19010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | ||||
| CVE-2014-0821 | 1 Cybozu | 1 Garoon | 2025-04-12 | N/A |
| SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931. | ||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | N/A |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | ||||
| CVE-2014-0137 | 1 Redhat | 2 Cloudforms 3.0 Management Engine, Cloudforms Managementengine | 2025-04-12 | N/A |
| SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to MiqReportResult.exists. | ||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | ||||
| CVE-2013-4058 | 1 Ibm | 1 Infosphere Information Server | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. | ||||
| CVE-2013-4016 | 1 Ibm | 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more | 2025-04-12 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text. | ||||
| CVE-2013-3961 | 1 Abeel | 1 Simple Php Agenda | 2025-04-12 | N/A |
| SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. | ||||
| CVE-2013-3478 | 1 Apptha | 1 Video Gallery Plugin | 2025-04-12 | N/A |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | ||||
| CVE-2013-2559 | 1 Getsymphony | 1 Symphony | 2025-04-12 | N/A |
| SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2011-3197 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector. | ||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2013-2498 | 1 Simplehrm | 1 Simplehrm | 2025-04-12 | N/A |
| SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin. | ||||
| CVE-2013-1803 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375. | ||||
| CVE-2013-1408 | 1 Wysija Newsletters Project | 1 Wysija Newsletters | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | ||||
| CVE-2012-5865 | 1 Achievo | 1 Achievo | 2025-04-12 | N/A |
| SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. | ||||
| CVE-2012-5853 | 1 Vinojcardoza | 1 Ajax Post Search | 2025-04-12 | N/A |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. | ||||
| CVE-2012-5849 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php. | ||||