Export limit exceeded: 362717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19645 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-2703 2 Osgeo, Umn 2 Mapserver, Mapserver 2025-04-11 N/A
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.
CVE-2010-4987 1 Kmsoft 1 Guestbook 2025-04-11 N/A
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2010-4986 1 Cafuego 1 Simple Document Management System 2025-04-11 N/A
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
CVE-2010-4968 2 Joomla, Webmaster-tips 2 Joomla\!, Com Wmtpic 2025-04-11 N/A
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
CVE-2012-2332 1 S9y 1 Serendipity 2025-04-11 N/A
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2010-4857 1 Curtiss Grymala 1 Cag Cms 2025-04-11 N/A
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2010-4860 1 Galaxyscriptz 1 Myphpauction 2025-04-11 N/A
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4861 1 Webspell 1 Webspell 2025-04-11 N/A
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2010-4856 1 Aspindir 1 Xweblog 2025-04-11 N/A
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
CVE-2010-4969 1 Brotherscripts 1 Business Directory 2025-04-11 N/A
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-7301 1 Sclek 1 Jsite 2025-04-11 N/A
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2011-4946 1 E107 1 E107 2025-04-11 N/A
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.
CVE-2012-3791 1 Cms-center 1 Simple Web Content Management System 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
CVE-2010-4700 1 Php 1 Php 2025-04-11 N/A
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
CVE-2011-1047 2 Vasthtml, Wordpress 2 Forum Server, Wordpress 2025-04-11 N/A
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php.
CVE-2010-0795 2 Harmistechnology, Joomla 2 Com Jeeventcalendar, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.
CVE-2012-4414 2 Mariadb, Oracle 2 Mariadb, Mysql 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
CVE-2010-2699 1 Edgephp 1 Clickbank Affiliate Marketplace Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2011-2403 1 Hp 1 Network Automation 2025-04-11 N/A
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1063 1 Manageengine 1 Applications Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.