Search Results (19794 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3906 1 Kk-osk 2 Advance-flow, Advance-flow Forms 2025-04-12 N/A
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3857 1 Kerio 1 Control 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.
CVE-2015-2843 1 Goautodial 1 Goadmin Ce 2025-04-12 N/A
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
CVE-2015-4426 1 Pimcore 1 Pimcore 2025-04-12 N/A
SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy.
CVE-2016-9288 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1.
CVE-2016-2950 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-9283 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
SQL Injection in framework/core/subsystems/expRouter.php in Exponent CMS v2.4.0 allows remote attackers to read database information via address/addContentToSearch/id/ and a trailing string, related to a "sef URL" issue.
CVE-2015-4678 1 Persian Car Cms Project 1 Persian Car Cms 2025-04-12 N/A
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
CVE-2016-9282 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
SQL Injection in framework/modules/search/controllers/searchController.php in Exponent CMS v2.4.0 allows remote attackers to read database information via action=search&module=search with the search_string parameter.
CVE-2016-1000117 1 Huge-it 1 Slideshow 2025-04-12 N/A
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2016-9134 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.
CVE-2016-4040 1 Dotcms 1 Dotcms 2025-04-12 N/A
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter.
CVE-2016-1000000 1 Progress 1 Whatsup Gold 2025-04-12 N/A
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection
CVE-2016-1000116 1 Huge-it 1 Portfolio Gallery Manager 2025-04-12 N/A
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
CVE-2015-7858 1 Joomla 1 Joomla\! 2025-04-12 N/A
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297.
CVE-2014-7864 1 Zohocorp 1 Manageengine Opmanager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the FailOverHelperServlet (aka FailServlet) servlet in ZOHO ManageEngine OpManager 8 through 11.5 build 11400 and IT360 10.5 and earlier allow remote attackers and remote authenticated users to execute arbitrary SQL commands via the (1) customerName or (2) serverRole parameter in a standbyUpdateInCentral operation to servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.
CVE-2015-7999 1 Citrix 1 Command Center 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-0249 1 Ibm 1 Security Guardium 2025-04-12 N/A
SQL injection vulnerability in IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-0224 1 Ibm 1 Marketing Platform 2025-04-12 N/A
SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-3727 1 Kasseler-cms 1 Kasseler-cms 2025-04-12 N/A
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.