Total
19026 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2025-04-12 | N/A |
| SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | ||||
| CVE-2014-8681 | 1 Gogits | 1 Gogs | 2025-04-12 | N/A |
| SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues. | ||||
| CVE-2012-6290 | 1 Imagecms | 1 Imagecms | 2025-04-12 | N/A |
| SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | ||||
| CVE-2013-3961 | 1 Abeel | 1 Simple Php Agenda | 2025-04-12 | N/A |
| SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter. | ||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2025-04-12 | 7.5 High |
| Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields. | ||||
| CVE-2014-5249 | 1 Biblio Autocomplete Project | 1 Biblio Autocomplete | 2025-04-12 | N/A |
| SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2012-5685 | 1 Zpanelcp | 1 Zpanel | 2025-04-12 | N/A |
| SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. | ||||
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | ||||
| CVE-2014-8306 | 1 C97 | 1 Cart Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. | ||||
| CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | ||||
| CVE-2015-2679 | 1 Genixcms | 1 Genixcms | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. | ||||
| CVE-2013-7349 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. | ||||
| CVE-2015-7695 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2025-04-12 | N/A |
| The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. | ||||
| CVE-2016-8582 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2025-04-12 | N/A |
| A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE. | ||||
| CVE-2014-3483 | 2 Redhat, Rubyonrails | 2 Rhel Software Collections, Rails | 2025-04-12 | N/A |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. | ||||
| CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | ||||
| CVE-2014-9258 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter. | ||||
| CVE-2016-8905 | 1 Dotcms | 1 Dotcms | 2025-04-12 | N/A |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. | ||||