Export limit exceeded: 19780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19780 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-17875 1 Jextn 1 Jextn Faq Pro 2025-04-20 N/A
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.
CVE-2017-11383 1 Trendmicro 1 Control Manager 2025-04-20 N/A
SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560.
CVE-2015-7346 1 Zcms Project 1 Zcms 2025-04-20 N/A
SQL injection vulnerability in ZCMS 1.1.
CVE-2015-5052 1 Sefrengo 1 Sefrengo 2025-04-20 N/A
SQL injection vulnerability in Sefrengo before 1.6.5 beta2.
CVE-2016-2566 1 Samsung 2 Galaxy S6, Galaxy S6 Firmware 2025-04-20 N/A
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
CVE-2015-7714 1 Realtyna 1 Realtyna Property Listing 2025-04-20 7.2 High
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.
CVE-2015-3314 1 Tune Library Project 1 Tune Library 2025-04-20 N/A
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
CVE-2015-3313 1 Community Events Project 1 Community Events 2025-04-20 N/A
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
CVE-2017-8835 1 Peplink 12 1350hw2 Firmware, 2500 Firmware, 380hw6 Firmware and 9 more 2025-04-20 N/A
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
CVE-2017-5347 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/mod/newsletter/options.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the recipient parameter to gxadmin/index.php.
CVE-2017-5346 1 Genixcms 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.
CVE-2017-5345 1 Metalgenix 1 Genixcms 2025-04-20 N/A
SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI.
CVE-2017-17950 1 Cells 1 Blog 2025-04-20 N/A
Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter.
CVE-2017-17959 1 Php Multivendor Ecommerce Project 1 Php Multivendor Ecommerce 2025-04-20 N/A
PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.
CVE-2014-4914 2 Debian, Zend 2 Debian Linux, Zend Framework 2025-04-20 N/A
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.
CVE-2017-11444 1 Intelliants 1 Subrion Cms 2025-04-20 N/A
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array.
CVE-2017-17983 1 Muslim Matrimonial Script Project 1 Muslim Matrimonial Script 2025-04-20 N/A
PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.
CVE-2015-9098 1 Red-gate 1 Sql Monitor 2025-04-20 9.8 Critical
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
CVE-2017-17919 1 Rubyonrails 1 Ruby On Rails 2025-04-20 8.1 High
SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input
CVE-2017-17941 1 Single Theater Booking Script Project 1 Single Theater Booking Script 2025-04-20 N/A
PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.