Export limit exceeded: 362446 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19631 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-3435 1 Zabbix 1 Zabbix 2025-04-11 N/A
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2012-3469 1 Ushahidi 1 Ushahidi Platform 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.
CVE-2012-4070 1 Dir2web 1 Dir2web 2025-04-11 N/A
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
CVE-2012-4061 1 Asp-dev 1 Xm Diary 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.
CVE-2012-4060 1 Asp-dev 1 Xm Forums 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
CVE-2011-4946 1 E107 1 E107 2025-04-11 N/A
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.
CVE-2010-2699 1 Edgephp 1 Clickbank Affiliate Marketplace Script 2025-04-11 N/A
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2013-5310 2 Mauro Lorenzutti, Typo3 2 Wfqbe, Typo3 2025-04-11 N/A
SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4949 1 Egroupware 2 Egroupware, Egroupware Enterprise Line 2025-04-11 N/A
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4860 1 Galaxyscriptz 1 Myphpauction 2025-04-11 N/A
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4861 1 Webspell 1 Webspell 2025-04-11 N/A
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2010-0721 1 Systemsoftware 1 Auktionshaus Gelb 2025-04-11 N/A
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-4839 2 Edgetechweb, Wordpress 2 Event Registration, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
CVE-2012-4414 2 Mariadb, Oracle 2 Mariadb, Mysql 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete.
CVE-2012-0982 1 Vastal 1 Agent Zone 2025-04-11 N/A
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.
CVE-2012-0983 1 Scriptsez 1 Ez Album 2025-04-11 N/A
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2012-3791 1 Cms-center 1 Simple Web Content Management System 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
CVE-2012-1067 2 Mg12, Wordpress 2 Wp-recentcomments, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-1063 1 Manageengine 1 Applications Manager 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
CVE-2010-5004 1 2daybiz 1 Polls Script 2025-04-11 N/A
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.