Export limit exceeded: 19356 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5350 | 1 Wordpress | 2 Pay-with-tweet, Wordpress | 2025-04-11 | N/A |
| SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | ||||
| CVE-2012-5367 | 1 Orangehrm | 1 Orangehrm | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks. | ||||
| CVE-2010-4857 | 1 Curtiss Grymala | 1 Cag Cms | 2025-04-11 | N/A |
| SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | ||||
| CVE-2012-5766 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via vectors involving the RNVisibility page and unspecified screens, a different vulnerability than CVE-2013-0560. | ||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2025-04-11 | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | ||||
| CVE-2012-5288 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-11 | N/A |
| SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2012-4479 | 2 David Alkire, Drupal | 2 Drag \& Drop Gallery, Drupal | 2025-04-11 | N/A |
| SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-4448 | 1 Wikkawiki | 1 Wikkawiki | 2025-04-11 | N/A |
| SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action. | ||||
| CVE-2012-5900 | 1 Samedia | 1 Landshop | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | ||||
| CVE-2012-5912 | 1 Pico | 1 Picopublisher | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | ||||
| CVE-2011-4487 | 1 Cisco | 7 Business Edition 3000, Business Edition 3000 Software, Business Edition 5000 and 4 more | 2025-04-11 | N/A |
| SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote attackers to execute arbitrary SQL commands via a crafted SCCP registration, aka Bug ID CSCtu73538. | ||||
| CVE-2011-4669 | 1 Wordpress | 2 Wordpress, Wordpress-users | 2025-04-11 | N/A |
| SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. | ||||
| CVE-2010-4700 | 1 Php | 1 Php | 2025-04-11 | N/A |
| The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | ||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | ||||
| CVE-2011-4763 | 1 Parallels | 1 Parallels Plesk Small Business Panel | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. | ||||
| CVE-2011-2546 | 1 Cisco | 4 Sa500 Software, Sa520, Sa520w and 1 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669. | ||||
| CVE-2011-4808 | 2 Joomla, Joomlaextensions | 2 Joomla\!, Com Hmcommunity | 2025-04-11 | N/A |
| SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | ||||
| CVE-2011-4816 | 1 Ibm | 6 Maximo Asset Management, Maximo Asset Management Essentials, Maximo Service Desk and 3 more | 2025-04-11 | N/A |
| SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuration Management Database (CCMDB) 6.2, 7.1, and 7.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2011-4921 | 1 E107 | 1 E107 | 2025-04-11 | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2010-4784 | 1 Phpwebscripts | 1 Easy Banner Free | 2025-04-11 | N/A |
| Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||