Export limit exceeded: 18968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18968 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0699 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | ||||
| CVE-2014-1854 | 1 Adrotateplugin | 1 Adrotate | 2025-04-12 | N/A |
| SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter. | ||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2012-1665 | 1 Oscmax | 1 Oscmax | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php. | ||||
| CVE-2014-5097 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php. | ||||
| CVE-2016-6652 | 1 Pivotal Software | 1 Spring Data Jpa | 2025-04-12 | N/A |
| SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call. | ||||
| CVE-2014-5520 | 1 Xrms Crm Project | 1 Xrms Crm | 2025-04-12 | N/A |
| SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. | ||||
| CVE-2011-5277 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in signature.php in the Advanced Forum Signatures (aka afsignatures) plugin 2.0.4 for MyBB allow remote attackers to execute arbitrary SQL commands via the (1) afs_type, (2) afs_background, (3) afs_showonline, (4) afs_bar_left, (5) afs_bar_center, (6) afs_full_line1, (7) afs_full_line2, (8) afs_full_line3, (9) afs_full_line4, (10) afs_full_line5, or (11) afs_full_line6 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2011-5278 | 1 Advanced Forum Signatures Project | 1 Advanced Forum Signatures | 2025-04-12 | N/A |
| SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter. | ||||
| CVE-2016-3659 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows remote authenticated users to execute arbitrary SQL commands via the host_group_data parameter. | ||||
| CVE-2012-6643 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1) videos.php or (2) channels.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2013-0735 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to execute arbitrary SQL commands via the id parameter in a viewtopic (1) remove_post, (2) sticky, or (3) closed action or (4) thread parameter in a postreply action to index.php. | ||||
| CVE-2016-7919 | 1 Moodle | 1 Moodle | 2025-04-12 | 7.5 High |
| Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields. | ||||
| CVE-2015-6537 | 1 Epiphanyhealthdata | 1 Cardio Server | 2025-04-12 | N/A |
| SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | ||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | ||||
| CVE-2016-1393 | 1 Cisco | 1 Cloud Network Automation Provisioner | 2025-04-12 | N/A |
| SQL injection vulnerability in Cisco Cloud Network Automation Provisioner (CNAP) 1.0 and 1.1 allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuy72175. | ||||
| CVE-2016-6453 | 1 Cisco | 1 Identity Services Engine | 2025-04-12 | N/A |
| A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CSCva46542. Known Affected Releases: 1.3(0.876). | ||||
| CVE-2011-5286 | 1 Social Slider Project | 1 Social Slider | 2025-04-12 | N/A |
| SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. | ||||
| CVE-2014-9464 | 1 Microweber | 1 Microweber | 2025-04-12 | N/A |
| SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. | ||||
| CVE-2016-5653 | 1 Misys | 1 Fusioncapital Opics Plus | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | ||||