Total: 8599 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php. | |||||
| CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php. | |||||
| CVE-2008-2568 | 1 Joomla | 2 Com Simpleshop, Joomla | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php. | |||||
| CVE-2008-6148 | 2 Joomla, Raven-worx | 2 Joomla, Liveticker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Live Ticker (com_liveticker) module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a viewticker action to index.php. | |||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6880 | 1 Php-update | 1 Php-update | 2017-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | |||||
| CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | |||||
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2017-10-19 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2007-0196 | 1 Motionborg | 1 Motionborg Web Real Estate | 2017-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information. | |||||
| CVE-2017-14758 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-14757 | 1 Opentext | 1 Document Sciences Xpression | 2017-10-18 | 6.5 MEDIUM | 8.8 HIGH |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. | |||||
| CVE-2017-13068 | 1 Qnap | 1 Qts Helpdesk | 2017-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| QNAP has already patched this vulnerability. This security concern allows a remote attacker to perform an SQL injection on the application and obtain Helpdesk application information. A remote attacker does not require any privileges to successfully execute this attack. | |||||
| CVE-2017-1000120 | 1 Frappe | 1 Frappe | 2017-10-13 | 6.5 MEDIUM | 8.8 HIGH |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. | |||||
| CVE-2015-2146 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. | |||||
| CVE-2015-2147 | 1 Phpbugtracker Project | 1 Phpbugtracker | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||||
| CVE-2017-1311 | 1 Ibm | 1 Insights Foundation For Energy | 2017-10-11 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. | |||||
| CVE-2017-6089 | 1 Phpcollab | 1 Phpcollab | 2017-10-11 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. | |||||
| CVE-2008-5198 | 1 Vizzed | 1 Acmlmboard | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. | |||||
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | |||||
| CVE-2007-1899 | 1 Mywebland | 1 Mybloggie | 2017-10-11 | 5.1 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. | |||||
| CVE-2008-2815 | 1 Mymarket | 1 Mymarket | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. | |||||
| CVE-2008-3954 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. | |||||
| CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
| CVE-2007-1920 | 1 Smodbip | 1 Smodbip | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. | |||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2017-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | |||||
| CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | |||||
| CVE-2008-1551 | 1 Runcms | 2 Photo Module, Runcms | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2007-3119 | 1 Kartli Alisveris Sistemi | 1 Kartli Alisveris Sistemi | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
| CVE-2007-2673 | 1 Censura | 1 Censura | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. | |||||
| CVE-2007-3447 | 1 Bugmall | 1 Shopping Cart | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. | |||||
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | |||||
| CVE-2006-7116 | 1 Kubix | 1 Kubix | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. | |||||
| CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. | |||||
| CVE-2007-1776 | 1 Design For Joomla | 1 D4j Ezine | 2017-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | |||||
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
| CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2017-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | |||||
| CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. | |||||
| CVE-2017-14738 | 1 Filerun | 1 Filerun | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL |
| FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). | |||||
| CVE-2017-14743 | 1 Faleemi | 2 Fsc-880, Fsc-880 Firmware | 2017-10-10 | 9.3 HIGH | 8.1 HIGH |
| Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. | |||||
| CVE-2017-14507 | 1 Shindiristudio | 1 Content Timeline | 2017-10-10 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. | |||||
| CVE-2017-14703 | 1 Cashbackcomparisonscript | 1 Cash Back Comparison | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. | |||||
| CVE-2015-9234 | 1 Cfpaypal | 1 Cp Contact Form With Paypal | 2017-10-06 | 6.5 MEDIUM | 7.2 HIGH |
| The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | |||||
| CVE-2017-14760 | 1 Eventespresso | 1 Event Espresso Lite | 2017-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in /includes/event-management/index.php in the event-espresso-free (aka Event Espresso Lite) plugin v3.1.37.12.L for WordPress via the recurrence_id parameter to /wp-admin/admin.php. | |||||
| CVE-2017-14844 | 1 Dasinfomedia | 1 Wpgym Gym Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | |||||
| CVE-2017-14843 | 1 Dasinfomedia | 1 School Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla School Management System for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14842 | 1 Dasinfomedia | 1 Smsmaster Multipurpose Sms Gateway | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter. | |||||
| CVE-2017-14846 | 1 Dasinfomedia | 1 Hospital Management System | 2017-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. | |||||
