Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4113 | 2 Drupal, Earl Miles | 2 Drupal, Views | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments." | |||||
| CVE-2011-5198 | 1 Neturf | 1 Ecommerce Shopping Cart | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3615 | 1 Simplemachines | 1 Smf | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5200 | 1 Dedecms | 1 Dedecms | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. | |||||
| CVE-2011-5201 | 1 Steveyolam | 1 Tinyguestbook | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5203 | 1 Akiva | 1 Webboard | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-3130 | 1 Wordpress | 1 Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection. | |||||
| CVE-2011-5213 | 1 Browsercrm | 1 Browsercrm | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | |||||
| CVE-2011-5215 | 1 2daybiz | 1 Video Community Portal Script | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5216 | 2 Troyef, Wordpress | 2 Scorm Cloud, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2011-5218 | 1 Neubivljiv | 1 Dota Openstats | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2011-5222 | 1 Scripte24shop | 1 Php Flirt-projekt | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. | |||||
| CVE-2011-5224 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5230 | 1 Seotoaster | 1 Seotoaster | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | |||||
| CVE-2011-5234 | 1 Scripte24shop | 1 Social Network Community | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | |||||
| CVE-2011-5235 | 1 Mnogosearch | 1 Mnogosearch | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | |||||
| CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4957 | 2 Nadine Schwingler, Typo3 | 2 Ke Questionnaire, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-5103 | 1 Typo3 | 1 Typo3 | 2017-08-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2010-4808 | 1 Valarsoft | 1 Webmatic | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2010-4809 | 1 Liberologico | 1 Dbsite | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2010-4812 | 1 6kbbs | 1 6kbbs | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php. | |||||
| CVE-2010-4814 | 1 Bestsoftinc | 1 Advance Hotel Booking System | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2010-4824 | 1 Silverstripe | 1 Silverstripe | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter. | |||||
| CVE-2010-4843 | 1 Phpwebscripts | 1 Ad Manager Pro | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter. | |||||
| CVE-2010-4844 | 1 Mhproducts | 1 Easy Online Shop | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter. | |||||
| CVE-2010-4845 | 1 Mhproducts | 1 Projekt Shop | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php. | |||||
| CVE-2010-4846 | 1 Mhproducts | 1 Pay Pal Shop Digital | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2010-4847 | 1 Mhproducts | 1 Mhp Downloadshop | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. | |||||
| CVE-2010-4853 | 2 Chillcreations, Joomla | 2 Com Ccinvoices, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. | |||||
| CVE-2010-4854 | 1 Zuitu | 1 Zuitu | 2017-08-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action. | |||||
| CVE-2010-4857 | 1 Curtiss Grymala | 1 Cag Cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2010-4860 | 1 Galaxyscriptz | 1 Myphpauction | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-4861 | 1 Webspell | 1 Webspell | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2010-4862 | 2 Harmistechnology, Joomla | 2 Com Jedirectory, Joomla\! | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. | |||||
| CVE-2010-4866 | 1 Chipmunk-scripts | 1 Chipmunk Board | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter. | |||||
| CVE-2010-4869 | 1 Drbenhur | 1 Dbhcms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter. | |||||
| CVE-2010-4872 | 1 Pilotcart | 1 Pilot Cart | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter. | |||||
| CVE-2010-4894 | 1 Chillycms | 1 Chillycms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4908 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter. | |||||
| CVE-2010-4910 | 1 Coldgen | 1 Coldcalendar | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action. | |||||
| CVE-2010-4911 | 1 Sellatsite | 1 Php Classifieds Ads | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2010-4912 | 1 Discuz | 1 Ucenter Home | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | |||||
| CVE-2010-4915 | 1 Coldgen | 1 Coldbookmarks | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action. | |||||
| CVE-2010-4916 | 1 Coldgen | 1 Coldusergroup | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter. | |||||
| CVE-2010-4917 | 1 A-blog | 1 A-blog | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter. | |||||
| CVE-2010-4919 | 1 Micronetsoft | 1 Rv Dealer Website | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter. | |||||
| CVE-2010-4920 | 1 Micronetsoft | 1 Rental Property Website | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter. | |||||
| CVE-2010-4921 | 1 Dmxready | 1 Polling Booth Manager | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action. | |||||
| CVE-2010-4925 | 1 Nuked-klan | 2 Nuked-klan, Partenaires Module | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||