Export limit exceeded: 23110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19635 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19635 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | ||||
| CVE-2012-5453 | 1 Atutor | 1 Acontent | 2025-04-11 | N/A |
| SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | ||||
| CVE-2012-5590 | 2 Drupal, Scripthead | 2 Drupal, Webmail Plus | 2025-04-11 | N/A |
| SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-1163 | 1 Cisco | 1 Connected Grid Network Management System | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746. | ||||
| CVE-2009-4680 | 1 Phpdirectorysource | 1 Phpdirectorysource | 2025-04-11 | N/A |
| SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter. | ||||
| CVE-2009-4687 | 1 Hypersilence | 1 Silentum Guestbook | 2025-04-11 | N/A |
| SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter. | ||||
| CVE-2009-4689 | 1 Resalecode | 1 Php Shopping Cart Selling Website Script | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2010-0951 | 1 Dev4u | 1 Dev4u Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. | ||||
| CVE-2010-0952 | 1 Insanevisions | 1 Onecms | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. | ||||
| CVE-2010-0954 | 1 Preprojects | 1 Pre E-learning Portal | 2025-04-11 | N/A |
| SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter. | ||||
| CVE-2013-0155 | 5 Cloudforms Cloudengine, Debian, Redhat and 2 more | 6 1, Debian Linux, Openshift and 3 more | 2025-04-11 | N/A |
| Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request, as demonstrated by certain "[nil]" values, a related issue to CVE-2012-2660 and CVE-2012-2694. | ||||
| CVE-2012-0994 | 1 Zenphoto | 1 Zenphoto | 2025-04-11 | N/A |
| SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter. | ||||
| CVE-2013-0451 | 1 Ibm | 1 Maximo Asset Management | 2025-04-11 | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-0511 | 1 Ibm | 1 Security Appscan | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified parameters. | ||||
| CVE-2012-5333 | 1 Preprojects | 1 Pre Printing Press | 2025-04-11 | N/A |
| SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2013-1434 | 1 Cacti | 1 Cacti | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) utility.php in Cacti before 0.8.8b allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-1613 | 1 Symantec | 2 Security Information Manager, Security Information Manager Appliance | 2025-04-11 | N/A |
| SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-1748 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | ||||
| CVE-2013-1842 | 1 Typo3 | 1 Typo3 | 2025-04-11 | N/A |
| SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | ||||
| CVE-2013-1852 | 1 Kolja Schleich | 1 Leaguemanager | 2025-04-11 | N/A |
| SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the leaguemanager-export page to wp-admin/admin.php. | ||||