Export limit exceeded: 363165 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19663 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-3130 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. | ||||
| CVE-2012-2171 | 1 Ibm | 18 Ds4100, Ds4200, Ds4300 and 15 more | 2025-04-11 | N/A |
| SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI. | ||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2025-04-11 | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | ||||
| CVE-2012-1911 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565. | ||||
| CVE-2012-1780 | 1 Socialcms | 1 Socialcms | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter. | ||||
| CVE-2012-1557 | 1 Parallels | 1 Parallels Plesk Panel | 2025-04-11 | N/A |
| SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | ||||
| CVE-2012-1061 | 1 Gforgegroup | 1 Gforge | 2025-04-11 | N/A |
| SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-1017 | 1 Secureideas | 1 Base | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters. | ||||
| CVE-2012-0727 | 1 Ibm | 6 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 3 more | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-7187 | 1 Ncrafts | 1 Formcraft | 2025-04-11 | N/A |
| SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-7189 | 1 Iscripts | 1 Autohoster | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. | ||||
| CVE-2013-7192 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp. | ||||
| CVE-2010-1918 | 1 Efrontlearning | 1 Efront | 2025-04-11 | N/A |
| SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter. | ||||
| CVE-2012-0337 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | N/A |
| SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939. | ||||
| CVE-2014-0080 | 1 Rubyonrails | 1 Rails | 2025-04-11 | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. | ||||
| CVE-2010-1089 | 1 Phptroubleticket | 1 Php Trouble Ticket | 2025-04-11 | N/A |
| SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2010-1090 | 1 Phpmysite | 1 Phpmysite | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter. | ||||
| CVE-2010-1134 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-11 | N/A |
| SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | ||||
| CVE-2012-1255 | 1 Segue Project | 1 Segue | 2025-04-11 | N/A |
| SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2009-4667 | 1 Phpmember | 1 Webmember | 2025-04-11 | N/A |
| SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter. | ||||