Export limit exceeded: 19699 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19699 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-5853 1 Vinojcardoza 1 Ajax Post Search 2025-04-12 N/A
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
CVE-2015-2066 1 Dlguard 1 Dlguard 2025-04-12 N/A
SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.
CVE-2015-1491 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-2873 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1479 1 Zohocorp 1 Servicedesk Plus 2025-04-12 N/A
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
CVE-2015-1476 1 Ecommercemajor Project 1 Ecommercemajor 2025-04-12 N/A
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
CVE-2015-1471 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-12 N/A
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
CVE-2015-1450 1 Restaurantbiller 1 Restaurant Biller 2025-04-12 N/A
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
CVE-2015-1442 1 Aas9 1 Zerocms 2025-04-12 N/A
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
CVE-2015-1441 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1434 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
CVE-2012-5685 1 Zpanelcp 1 Zpanel 2025-04-12 N/A
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI.
CVE-2015-1428 1 Sefrengo 1 Sefrengo 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
CVE-2014-3326 1 Cisco 1 Security Manager 2025-04-12 N/A
SQL injection vulnerability in the web framework in Cisco Security Manager 4.5 and 4.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCup26957.
CVE-2015-1423 1 Jakweb 1 Gecko Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
CVE-2015-1405 1 Content Rating Extbase Project 1 Content Rating Extbase 2025-04-12 N/A
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1400 1 Npds 1 Revolution 2025-04-12 N/A
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
CVE-2015-1403 1 Content Rating Project 1 Content Rating 2025-04-12 N/A
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-4522 1 Rockwellautomation 1 Factorytalk Energrymetrix 2025-04-12 N/A
SQL injection vulnerability in Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1397 1 Magento 1 Magento 2025-04-12 N/A
SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set.