Export limit exceeded: 19656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19656 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2012-4056 1 Uiga 1 Personal Portal 2025-04-11 N/A
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2013-5931 1 Real-estate-php-script 1 Real Estate Php Script 2025-04-11 N/A
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
CVE-2012-5967 1 Merethis 1 Centreon 2025-04-11 N/A
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
CVE-2013-1852 1 Kolja Schleich 1 Leaguemanager 2025-04-11 N/A
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php.
CVE-2013-0511 1 Ibm 1 Security Appscan 2025-04-11 N/A
Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
CVE-2012-5900 1 Samedia 1 Landshop 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
CVE-2013-1177 1 Cisco 1 Network Admission Control Manager And Server System Software 2025-04-11 N/A
SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.
CVE-2012-1626 2 Drupal, Karen Stevenson 2 Drupal, Date 2025-04-11 N/A
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-1603 1 Nextbbs 1 Nextbbs 2025-04-11 N/A
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.
CVE-2012-5333 1 Preprojects 1 Pre Printing Press 2025-04-11 N/A
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2013-6417 2 Redhat, Rubyonrails 5 Cloudforms Managementengine, Openstack, Rhel Software Collections and 2 more 2025-04-11 N/A
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155.
CVE-2013-6341 1 Dokeos 1 Dokeos 2025-04-11 N/A
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2010-0454 1 Fabricadigital 1 Publique\! 2025-04-11 N/A
SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
CVE-2012-1061 1 Gforgegroup 1 Gforge 2025-04-11 N/A
SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-0727 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in the CallManager Interactive Voice Response (CMIVR) interface in Cisco Unified Communications Manager (UCM) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05318.
CVE-2014-0726 1 Cisco 1 Unified Communications Manager 2025-04-11 N/A
SQL injection vulnerability in the IP Manager Assistant (IPMA) interface in Cisco Unified Communications Manager (UCM) 10.0(1) and earlier allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCum05326.
CVE-2012-5350 1 Wordpress 2 Pay-with-tweet, Wordpress 2025-04-11 N/A
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
CVE-2012-5348 1 Wilson Steven 1 Mangosweb Enhanced 2025-04-11 N/A
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
CVE-2012-5342 1 Michau Enterprises Llc 1 Commonsense Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
CVE-2012-2718 2 Drupal, Drupal-id 2 Drupal, Counter Module 2025-04-11 N/A
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."