Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4454 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2017-11-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php. | |||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2017-11-04 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | |||||
| CVE-2016-10134 | 1 Zabbix | 1 Zabbix | 2017-11-04 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. | |||||
| CVE-2017-5154 | 1 Advantech | 1 Webaccess | 2017-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. | |||||
| CVE-2016-1000000 | 1 Ipswitch | 1 Whatsup Gold | 2017-11-03 | 6.5 MEDIUM | 8.8 HIGH |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
| CVE-2017-15378 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 6.5 MEDIUM | 8.8 HIGH |
| SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI). | |||||
| CVE-2017-15381 | 1 Softwarepublico | 1 E-sic | 2017-10-31 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). | |||||
| CVE-2017-3221 | 1 Inmarsat | 1 Amosconnect 8 | 2017-10-29 | 5.0 MEDIUM | 9.8 CRITICAL |
| Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. | |||||
| CVE-2017-15373 | 1 Softwarepublico | 1 E-sic | 2017-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area). | |||||
| CVE-2014-8621 | 1 Store Locator Project | 1 Store Locator | 2017-10-25 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php. | |||||
| CVE-2008-5054 | 1 Develop It Easy | 1 Membership System | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2017-10-19 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | |||||
| CVE-2008-5838 | 1 Ephpscripts | 1 E-shop Shopping Cart | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5654 | 1 Myiosoft | 1 Easycalendar | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5653 | 1 Myiosoft.com | 1 Ajaxportal | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5651 | 1 Myiosoft | 1 Easybookmarker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter. | |||||
| CVE-2008-5648 | 1 Deltascripts | 1 Php Shop | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5629 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. | |||||
| CVE-2008-0224 | 1 Runcms | 1 Runcms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter. | |||||
| CVE-2008-5365 | 1 Activewebsoftwares | 1 Activevotes | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. | |||||
| CVE-2007-0582 | 1 Chernobile | 1 Chernobile | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. | |||||
| CVE-2008-5069 | 1 Deeserver | 1 Panuwat Promoteweb Mysql | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5058 | 1 Preproject | 1 Pre Simple Cms | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4902 | 1 Scripts Frenzy | 1 Article Publisher Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2008-4901 | 1 Scripts Frenzy | 1 Article Publisher Pro | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-0360 | 1 Blog Cms | 1 Blog Cms | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. | |||||
| CVE-2008-4091 | 1 Source Workshop | 1 Web Directory Script | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||||
| CVE-2008-6150 | 1 Sepcity | 1 Classified Ads | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-1788 | 1 Prozilla | 1 Entertainers | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6187 | 1 Gforge | 1 Gforge | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. | |||||
| CVE-2008-6188 | 1 Gforge | 1 Gforge | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. | |||||
| CVE-2009-0106 | 1 Phpauctions | 1 Phpauctions | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2008-6246 | 1 Scripts-for-sites | 1 Ez Webring | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6247 | 1 Scripts-for-sites | 1 Ez Top Sites | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter. | |||||
| CVE-2009-0333 | 1 Joomla | 2 Com Waticketsystem, Joomla | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php. | |||||
| CVE-2008-3189 | 1 Dreamlevels | 1 Dreamnews Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3125 | 1 Mole Group | 1 Lastminute Script | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mole Group Lastminute Script 4.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-2972 | 1 Kblance | 1 Kblance | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action. | |||||
| CVE-2007-6172 | 1 Wire Plastic Design | 1 Wpquiz | 2017-10-19 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | |||||
| CVE-2008-2909 | 1 Clever Copy | 1 Clever Copy | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter. | |||||
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | |||||
| CVE-2008-2890 | 1 Offl | 1 Online Fantasy Football League | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php. | |||||
| CVE-2008-2872 | 1 Aspindir | 1 Shibby Shop | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||||
| CVE-2009-0426 | 1 Dmxready | 1 Classified Listings Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-0427 | 1 Dmxready | 1 Member Directory Manager | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-0428 | 1 Dmxready | 1 Secure Document Library | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-6137 | 1 P3mbo | 1 Content Injector | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | |||||
| CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||