Search Results (19656 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4868 2 Joomla, Kunena 2 Joomla\!, Kunena 2025-04-11 N/A
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-3050 1 Zapms 1 Zapms 2025-04-11 N/A
SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.
CVE-2012-4479 2 David Alkire, Drupal 2 Drag \& Drop Gallery, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-0140 1 Mcafee 1 Epolicy Orchestrator 2025-04-11 N/A
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a crafted request over the Agent-Server communication channel.
CVE-2012-5550 2 Carlos Carvalhar, Drupal 2 Time Spent, Drupal 2025-04-11 N/A
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1234 1 Advantech 1 Advantech Webaccess 2025-04-11 N/A
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
CVE-2011-5259 1 Orangehrm 1 Orangehrm 2025-04-11 N/A
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-5262 1 Sonicwall 4 Aventail Sra Ex6000, Aventail Sra Ex7000, Aventail Sra Ex9000 and 1 more 2025-04-11 N/A
SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
CVE-2012-5760 1 Ibm 1 Netezza 2025-04-11 N/A
SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-4971 1 Layton Technology 1 Helpbox 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.
CVE-2010-0950 1 Natychmiast-cms 1 Natychmiast-cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.
CVE-2011-4542 1 Hastymail 1 Hastymail2 2025-04-11 N/A
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
CVE-2013-3957 1 Siemens 2 Simatic Pcs7, Wincc 2025-04-11 N/A
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0948 1 Bfs.kilu 1 Bigforum 2025-04-11 N/A
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-7242 1 Zenphoto 1 Zenphoto 2025-04-11 N/A
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter.
CVE-2012-1780 1 Socialcms 1 Socialcms 2025-04-11 N/A
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2013-3973 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-0798 2 Snowflake, Typo3 2 T3blog, Typo3 2025-04-11 N/A
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4017 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4137 1 Status 1 Statusnet 2025-04-11 N/A
Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 and 1.1.0 allow remote attackers to execute arbitrary SQL commands via vectors related to user lists and "a particular tag format."