Export limit exceeded: 364939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19794 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2211 1 Posh Project 1 Posh 2025-04-12 N/A
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
CVE-2014-6295 1 Wec Map Project 1 Wec Map 2025-04-12 N/A
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-4016 1 Ibm 7 Change And Configuration Management Database, Maximo Asset Management, Maximo Service Desk and 4 more 2025-04-12 N/A
SQL injection vulnerability in IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140323-0749, 7.1.1.12 before IFIX.20140321-1336, 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 before IFIX011, and 7.5.0.5 before IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837, 7.1.1.11 before IFIX.20140207-1801, and 7.1.1.12 before IFIX.20140218-1510 allows remote authenticated users to execute arbitrary SQL commands via a Birt report with a WHERE clause in plain text.
CVE-2014-6293 1 Kennziffer 1 Statistics 2025-04-12 N/A
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
CVE-2012-6654 1 Zpanelcp 1 Zpanel 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685.
CVE-2014-8507 1 Google 1 Android 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
CVE-2014-8499 1 Manageengine 1 Password Manager Pro 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.
CVE-2014-3210 2 Dotonpaper, Wordpress 2 Booking System, Wordpress 2025-04-12 N/A
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
CVE-2014-3757 1 Phpmanufaktur 1 Kitform 2025-04-12 N/A
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
CVE-2014-4858 1 Sabreairlinesolutions 5 Crew Management, Crew Operations, Crew Planning and 2 more 2025-04-12 N/A
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
CVE-2014-3749 1 Construtiva 1 Cis Manager Cms 2025-04-12 N/A
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.
CVE-2014-3759 1 Karlen Walter 1 Si Bibtex 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the BibTex Publications (si_bibtex) extension 0.2.3 for TYPO3 allow remote attackers to execute arbitrary SQL commands via vectors related to the (1) search or (2) list functionality.
CVE-2014-4938 1 Wp Rss Poster Plugin Project 1 Wp-rss-poster 2025-04-12 N/A
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
CVE-2016-9287 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The method getSearchResults is defined in the search model with the parameter '$term' used directly in SQL. Impact is a SQL injection.
CVE-2014-4824 1 Ibm 1 Qradar Security Information And Event Manager 2025-04-12 N/A
SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-4939 1 Enl Newsletter Plugin Project 1 Enl-newsletter 2025-04-12 N/A
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
CVE-2014-4944 1 Bannersky 1 Bsk Pdf Manager 2025-04-12 N/A
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
CVE-2012-5244 1 Bananadance 1 Banana Dance 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVE-2012-5701 1 Dotproject 1 Dotproject 2025-04-12 N/A
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.