Export limit exceeded: 363337 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19679 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3961 1 Abeel 1 Simple Php Agenda 2025-04-12 N/A
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
CVE-2013-2046 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-2045 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1893 1 Owncloud 1 Owncloud 2025-04-12 N/A
SQL injection vulnerability in addressbookprovider.php in ownCloud Server before 5.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, related to the contacts application.
CVE-2015-2564 1 Projectsend 1 Projectsend 2025-04-12 N/A
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
CVE-2014-3783 1 Dotclear 1 Dotclear 2025-04-12 N/A
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.
CVE-2015-0715 1 Cisco 1 Unity Connection 2025-04-12 N/A
SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447 and CSCut33608.
CVE-2016-8564 1 Siemens 1 Automation License Manager 2025-04-12 N/A
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
CVE-2015-2563 1 Vastal 1 Phpvid 2025-04-12 N/A
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
CVE-2015-0916 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035.
CVE-2015-0919 1 Sefrengo 1 Sefrengo 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
CVE-2015-0894 1 Tips And Tricks Hq 1 All In One Wordpress Security And Firewall 2025-04-12 N/A
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-2562 1 Web-dorado 1 Ecommerce Wd 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
CVE-2014-4649 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] field.
CVE-2015-2196 1 Web-dorado 1 Spider Calendar 2025-04-12 N/A
SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php.
CVE-2016-7405 3 Adodb Project, Fedoraproject, Php 3 Adodb, Fedora, Php 2025-04-12 N/A
The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.
CVE-2015-2199 1 Wonderplugin 1 Audio Player 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2014-2323 4 Debian, Lighttpd, Opensuse and 1 more 5 Debian Linux, Lighttpd, Opensuse and 2 more 2025-04-12 9.8 Critical
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
CVE-2015-7784 1 Bokublock 2 Bbadminviewscontrol, Bbadminviewscontrol213 2025-04-12 N/A
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.