Export limit exceeded: 19690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7857 1 Joomla 1 Joomla\! 2025-04-12 N/A
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
CVE-2014-8506 1 Etiko 1 Etiko Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
CVE-2015-8157 1 Broadcom 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more 2025-04-12 8.8 High
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2323 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Opensuse and 2 more 2025-04-12 9.8 Critical
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2015-4454 2 Cacti, Fedoraproject 2 Cacti, Fedora 2025-04-12 N/A
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
CVE-2015-0894 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4634 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.
CVE-2013-1893 1 Owncloud 1 Owncloud 2025-04-12 N/A
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2013-2045 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-2046 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3961 1 Abeel 1 Simple Php Agenda 2025-04-12 N/A
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
CVE-2015-4137 1 Milw0rm Project 1 Milw0rm Clone Script 2025-04-12 N/A
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
CVE-2015-8604 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action.
CVE-2015-6004 1 Progress 1 Whatsup Gold 2025-04-12 N/A
Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter.
CVE-2015-6522 1 Wpsymposium 1 Wp Symposium 2025-04-12 N/A
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
CVE-2015-6537 1 Epiphanyhealthdata 1 Cardio Server 2025-04-12 N/A
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
CVE-2015-7299 1 Nintex 3 K2 Blackpearl, K2 For Sharepoint, K2 Smartforms 2025-04-12 N/A
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.
CVE-2015-7448 1 Ibm 13 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 10 more 2025-04-12 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, 7.5.1, and 7.6.0 before 7.6.0.3 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5462 1 Open-emr 1 Openemr 2025-04-12 N/A
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.