Search Results (19812 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1000124 1 Huge-it 1 Portfolio Gallery 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6
CVE-2016-4507 1 Bosch 1 Bladecontrol-webvis 2025-04-12 6.4 Medium
SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-10034 1 Couponphp 1 Couponphp 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
CVE-2014-10033 1 Oscommerce 1 Online Merchant 2025-04-12 N/A
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
CVE-2016-0710 1 Apache 1 Jetspeed 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.
CVE-2014-10032 1 Scriptbrasil 1 Taboada Macronews 2025-04-12 N/A
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
CVE-2016-1000123 1 Huge-it 1 Video Gallery 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla
CVE-2014-9464 1 Microweber 1 Microweber 2025-04-12 N/A
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
CVE-2014-100031 1 Ismail Fahmi 1 Ganesha Digital Library 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
CVE-2014-100022 1 Mtouch Quiz Project 1 Mtouch Quiz 2025-04-12 N/A
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.
CVE-2015-4628 1 Limesurvey 1 Limesurvey 2025-04-12 N/A
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2010-5317 1 Basic-cms 1 Sweetrice 2025-04-12 N/A
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
CVE-2015-7791 1 Welcart 1 Welcart E-commerce 2025-04-12 N/A
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter.
CVE-2015-4188 1 Cisco 1 Prime Collaboration 2025-04-12 N/A
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
CVE-2011-5272 1 Gplhost 1 Domain Technologie Control 2025-04-12 N/A
SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers.
CVE-2012-5865 1 Achievo 1 Achievo 2025-04-12 N/A
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
CVE-2015-7239 1 Sap 1 Netweaver J2ee Engine 2025-04-12 N/A
SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-2944 1 Megalab 1 The Uploader 2025-04-12 N/A
SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2011-5276 1 Gplhost 1 Domain Technologie Control 2025-04-12 N/A
SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter.
CVE-2015-8153 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.