Search Results (19664 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4342 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
CVE-2015-4609 1 Wt Directory Project 1 Wt Directory 2025-04-12 N/A
SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4610 1 Store Locator Project 1 Store Locator 2025-04-12 N/A
SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-3325 1 Wpsymposium 1 Wp Symposium 2025-04-12 N/A
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
CVE-2014-10015 1 Phpjabbers 1 Event Booking Calendar 2025-04-12 N/A
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2015-2972 1 Sysphonic 1 Thetis 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-4850 1 Foecms 1 Foecms 2025-04-12 N/A
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter.
CVE-2014-4824 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3339 1 Cisco 2 Unified Communications Domain Manager, Unified Presence Server 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administrative web interface in Cisco Unified Communications Manager (CM) and Cisco Unified Presence Server (CUPS) allow remote authenticated users to execute arbitrary SQL commands via crafted input to unspecified pages, aka Bug ID CSCup74290.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-4938 1 Wp Rss Poster Plugin Project 1 Wp-rss-poster 2025-04-12 N/A
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
CVE-2014-10004 1 Maianscriptworld 1 Maian Uploader 2025-04-12 N/A
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-5317 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
CVE-2014-4858 1 Sabreairlinesolutions 5 Crew Management, Crew Operations, Crew Planning and 2 more 2025-04-12 N/A
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
CVE-2014-0821 1 Cybozu 1 Garoon 2025-04-12 N/A
SQL injection vulnerability in the download feature in Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6930 and CVE-2013-6931.
CVE-2014-4852 1 Thedigitalcraft 1 Atomcms 2025-04-12 N/A
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2022-44137 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-11 7.2 High
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.
CVE-2025-25877 1 Angeljudesuarez 1 Simple Chatbox 2025-04-11 3.8 Low
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.
CVE-2025-1381 1 Code-projects 1 Real Estate Property Management System 2025-04-11 6.3 Medium
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-25686 1 Sem-cms 1 Semcms 2025-04-11 9.8 Critical
semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.