Export limit exceeded: 19792 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19792 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-6616 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. In the "User group" and "Designer" features, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected.
CVE-2015-5308 1 Wp-championship Project 1 Wp-championship 2025-04-12 N/A
Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
CVE-2015-2824 1 Simple Ads Manager Project 1 Simple Ads Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
CVE-2014-7959 1 Ait-pro 1 Bulletproof Security 2025-04-12 N/A
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
CVE-2013-1803 1 Php-fusion 1 Php-fusion 2025-04-12 N/A
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375.
CVE-2013-3213 1 Vtiger 1 Vtiger Crm 2025-04-12 N/A
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
CVE-2012-1506 1 Orangehrm 1 Orangehrm 2025-04-12 N/A
SQL injection vulnerability in the updateStatus function in lib/models/benefits/Hsp.php in OrangeHRM before 2.7 allows remote authenticated users to execute arbitrary SQL commands via the hspSummaryId parameter to plugins/ajaxCalls/haltResumeHsp.php. NOTE: some of these details are obtained from third party information.
CVE-2011-5313 1 Redaxscript 1 Redaxscript 2025-04-12 N/A
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
CVE-2014-9173 1 Google Doc Embedder Project 1 Google Doc Embedder 2025-04-12 N/A
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
CVE-2015-6486 1 Rockwellautomation 2 Micrologix 1100 Firmware, Micrologix 1400 Firmware 2025-04-12 N/A
SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-6512 1 Codelogic 1 Freichat 2025-04-12 N/A
SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php.
CVE-2015-6513 1 J2store 1 J2store 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.
CVE-2014-3932 1 Cososys 1 Endpoint Protector 2025-04-12 N/A
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2014-8586 1 Cp Multi View Event Calendar Project 1 Cp Multi View Event Calendar 2025-04-12 N/A
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
CVE-2016-4999 1 Redhat 4 Dashbuilder, Jboss Bpm Suite, Jboss Bpms and 1 more 2025-04-12 9.8 Critical
SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI.
CVE-2016-9864 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
CVE-2015-6910 1 Synology 1 Video Station 2025-04-12 N/A
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
CVE-2015-6915 1 Montala 1 Resourcespace 2025-04-12 N/A
SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php.
CVE-2015-8369 1 Cacti 1 Cacti 2025-04-12 N/A
SQL injection vulnerability in include/top_graph_header.php in Cacti 0.8.8f and earlier allows remote attackers to execute arbitrary SQL commands via the rra_id parameter in a properties action to graph.php.
CVE-2012-5694 1 Bulbsecurity 1 Smartphone Pentest Framework 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6) modemPhoneNo, (7) controlKey, or (8) appURLPath parameter to frameworkgui/attachMobileModem.pl; the agentsDD parameter to (9) escalatePrivileges.pl, (10) getContacts.pl, (11) getDatabase.pl, (12) sendSMS.pl, or (13) takePic.pl in frameworkgui/; or the modemNoDD parameter to (14) escalatePrivileges.pl, (15) getContacts.pl, (16) getDatabase.pl, (17) SEAttack.pl, (18) sendSMS.pl, (19) takePic.pl, or (20) CSAttack.pl in frameworkgui/.