Search Results (19795 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9242 1 Websitebaker 1 Websitebaker 2025-04-12 N/A
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
CVE-2014-9229 1 Symantec 1 Endpoint Protection 2025-04-12 N/A
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
CVE-2014-1597 1 I-doit 1 I-doit 2025-04-12 N/A
SQL injection vulnerability in the CMDB web application in synetics i-doit pro before 1.2.5 and i-doit open allows remote attackers to execute arbitrary SQL commands via the objID parameter to the default URI.
CVE-2013-0735 2 Cartpauj, Wordpress 2 Mingle-forum, Wordpress 2025-04-12 N/A
Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php.
CVE-2015-1434 1 Mylittleforum 1 My Little Forum 2025-04-12 N/A
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
CVE-2015-1441 1 Piwigo 1 Piwigo 2025-04-12 N/A
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-1442 1 Aas9 1 Zerocms 2025-04-12 N/A
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
CVE-2015-1450 1 Restaurantbiller 1 Restaurant Biller 2025-04-12 N/A
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
CVE-2015-2242 1 Webshophun 1 Webshop Hun 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php.
CVE-2014-9057 2 Debian, Sixapart 2 Debian Linux, Movable Type 2025-04-12 N/A
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2016-1000122 1 Huge-it 1 Slider 2025-04-12 N/A
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
CVE-2015-1467 1 Fork-cms 1 Fork Cms 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
CVE-2015-1471 1 Pragyan Cms Project 1 Pragyan Cms 2025-04-12 N/A
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
CVE-2016-1000123 1 Huge-it 1 Video Gallery 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
CVE-2015-1560 1 Centreon 1 Centreon 2025-04-12 N/A
SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attackers to execute arbitrary SQL commands via the sid parameter to include/common/XmlTree/GetXmlTree.php.
CVE-2016-1393 1 Cisco 1 Cloud Network Automation Provisioner 2025-04-12 N/A
SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175.
CVE-2014-9173 1 Google Doc Embedder Project 1 Google Doc Embedder 2025-04-12 N/A
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
CVE-2015-8157 1 Broadcom 5 Symantec Critical System Protection, Symantec Data Center Security Server, Symantec Data Center Security Server And Agents and 2 more 2025-04-12 8.8 High
SQL injection vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical System Protection (SCSP) before 5.2.9 MP6, Data Center Security: Server Advanced Server (DCS:SA) 6.x before 6.5 MP1 and 6.6 before MP1, and Data Center Security: Server Advanced Server and Agents (DCS:SA) through 6.6 MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-2587 1 Mcafee 1 Asset Manager 2025-04-12 N/A
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
CVE-2014-3961 1 Xnau 1 Participants Database 2025-04-12 N/A
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/.