Export limit exceeded: 23519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19694 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5459 1 Zohocorp 1 Manageengine Password Manager Pro 2025-04-12 N/A
SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc.
CVE-2015-6522 1 Wpsymposium 1 Wp Symposium 2025-04-12 N/A
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
CVE-2015-1514 1 Fancyfon 1 Famoc 2025-04-12 N/A
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
CVE-2015-1517 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
CVE-2015-1518 1 Redaxscript 1 Redaxscript 2025-04-12 N/A
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
CVE-2015-5049 1 Ibm 1 Openpages Grc Platform 2025-04-12 N/A
SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-5023 1 Ibm 1 Curam Social Program Management 2025-04-12 N/A
SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6911 1 Synology 1 Video Station 2025-04-12 N/A
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
CVE-2014-3704 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2013-1408 1 Wysija Newsletters Project 1 Wysija Newsletters 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
CVE-2015-4137 1 Milw0rm Project 1 Milw0rm Clone Script 2025-04-12 N/A
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
CVE-2015-4064 1 Landing Pages Project 1 Landing Pages 2025-04-12 N/A
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
CVE-2015-4062 1 Newstatpress Project 1 Newstatpress 2025-04-12 N/A
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
CVE-2016-2355 1 Dotcms 1 Dotcms 2025-04-12 N/A
SQL injection vulnerability in the REST API in dotCMS before 3.3.2 allows remote attackers to execute arbitrary SQL commands via the stName parameter to api/content/save/1.
CVE-2015-4066 1 Tri 1 Gigpress 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
CVE-2013-3961 1 Abeel 1 Simple Php Agenda 2025-04-12 N/A
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
CVE-2013-2046 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-2045 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1893 1 Owncloud 1 Owncloud 2025-04-12 N/A
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2015-1310 1 Sybase 1 Adaptive Server Enterprise 2025-04-12 N/A
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.