Export limit exceeded: 19727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19727 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4570 1 Letodms Project 1 Letodms 2025-04-20 N/A
SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-2120 1 Wbce 1 Wbce Cms 2025-04-20 N/A
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-7780 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2017-17730 1 Dedecms 1 Dedecms 2025-04-20 N/A
DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.
CVE-2017-17873 1 Vanguard Project 1 Marketplace Digital Products Php 2025-04-20 N/A
Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI.
CVE-2017-17872 1 Jextn 1 Jextn Video Gallery 2025-04-20 N/A
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-17871 1 Jextn 1 Jextn Question And Answer 2025-04-20 N/A
The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.
CVE-2017-17892 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2025-04-20 N/A
Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.
CVE-2017-17895 1 Basic Job Site Script Project 1 Basic Job Site Script 2025-04-20 N/A
Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.
CVE-2017-5218 1 Sagecrm 1 Sagecrm 2025-04-20 N/A
A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The AP_DocumentUI.asp web resource includes Utilityfuncs.js when the file is opened or viewed. This file crafts a SQL statement to identify the database that is to be in use with the current user's session. The database variable can be populated from the URL, and when supplied non-expected characters, can be manipulated to obtain access to the underlying database. The /CRM/CustomPages/ACCPAC/AP_DocumentUI.asp?SID=<VALID-SID>&database=1';WAITFOR DELAY '0:0:5'-- URI is a Proof of Concept.
CVE-2017-9603 1 Intensewp 1 Wp Jobs 2025-04-20 N/A
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
CVE-2015-4073 1 Helpdesk Pro Project 1 Helpdesk Pro 2025-04-20 N/A
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
CVE-2016-5742 1 Sixapart 2 Movable Type, Movable Type Open Source 2025-04-20 N/A
SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-8835 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVE-2014-8621 1 Store Locator Project 1 Store Locator 2025-04-20 N/A
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
CVE-2017-7886 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-20 N/A
Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.
CVE-2015-7714 1 Realtyna 1 Realtyna Property Listing 2025-04-20 7.2 High
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.
CVE-2016-4468 2 Cloudfoundry, Pivotal Software 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more 2025-04-20 N/A
SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2017-17631 1 Multireligion Responsive Matrimonial Project 1 Multireligion Responsive Matrimonial 2025-04-20 N/A
Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.
CVE-2017-11200 1 Finecms Project 1 Finecms 2025-04-20 N/A
SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.