Export limit exceeded: 363359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | ||||
| CVE-2014-4939 | 1 Enl Newsletter Plugin Project | 1 Enl-newsletter | 2025-04-12 | N/A |
| SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php. | ||||
| CVE-2014-4938 | 1 Wp Rss Poster Plugin Project | 1 Wp-rss-poster | 2025-04-12 | N/A |
| SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php. | ||||
| CVE-2011-5313 | 1 Redaxscript | 1 Redaxscript | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. | ||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2025-04-12 | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | ||||
| CVE-2014-8596 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | ||||
| CVE-2014-3483 | 2 Redhat, Rubyonrails | 2 Rhel Software Collections, Rails | 2025-04-12 | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. | ||||
| CVE-2014-3446 | 1 Bss | 1 Continuity Cms | 2025-04-12 | N/A |
| SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | ||||
| CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | ||||
| CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2014-5189 | 1 Leadoctopus | 1 Lead Octopus | 2025-04-12 | N/A |
| SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2014-3326 | 1 Cisco | 1 Security Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957. | ||||
| CVE-2014-9435 | 1 Absolutengine | 1 Absolut Engine | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | ||||
| CVE-2011-5308 | 1 Cdnvote Project | 1 Cdnvote | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. | ||||
| CVE-2014-9450 | 1 Zabbix | 1 Zabbix | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. | ||||
| CVE-2014-9455 | 1 Cts Projects\&software | 1 Classad | 2025-04-12 | N/A |
| SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2014-2531 | 1 Interworx | 1 Web Control Panel | 2025-04-12 | N/A |
| SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object. | ||||
| CVE-2012-0811 | 1 Postfix | 1 Postfix | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php. | ||||
| CVE-2012-1506 | 1 Orangehrm | 1 Orangehrm | 2025-04-12 | N/A |
| SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-4713 | 1 Apphp | 1 Hotel Site | 2025-04-12 | N/A |
| SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | ||||