Export limit exceeded: 19815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (19815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7453 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.
CVE-2015-7784 1 Bokublock 2 Bbadminviewscontrol, Bbadminviewscontrol213 2025-04-12 N/A
SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2015-4628 1 Limesurvey 1 Limesurvey 2025-04-12 N/A
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
CVE-2016-1000119 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000120 1 Huge-it 1 Catalog 2025-04-12 N/A
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
CVE-2016-1000125 1 Huge-it 1 Huge-it Catalog 2025-04-12 N/A
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla
CVE-2015-7727 1 Sap 1 Hana 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors in the (1) trace configuration page or (2) getSqlTraceConfiguration function, aka SAP Security Note 2153898.
CVE-2015-7725 1 Sap 1 Hana 2025-04-12 N/A
Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remoteSourceName in the dropCredentials function or unspecified vectors in the (2) setTraceLevelsForXsApps, (3) _modifyUser, or (4) _newUser function, aka SAP Security Notes 2153898 and 2153765.
CVE-2016-9184 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure.
CVE-2016-9481 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In framework/modules/core/controllers/expCommentController.php of Exponent CMS 2.4.0, content_id input is passed into showComments. The method showComments is defined in the expCommentControllercontroller with the parameter '$this->params['content_id']' used directly in SQL. Impact is a SQL injection.
CVE-2012-5865 1 Achievo 1 Achievo 2025-04-12 N/A
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
CVE-2016-3675 1 Huawei 2 Policy Center, Policy Center Firmware 2025-04-12 8.1 High
SQL injection vulnerability in Huawei Policy Center with software before V100R003C10SPC020 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to system databases.
CVE-2012-6654 1 Zpanelcp 1 Zpanel 2025-04-12 N/A
Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) resetkey or (2) inConfEmail parameter to index.php, a different vulnerability than CVE-2012-5685.
CVE-2015-6009 1 Refbase 1 Refbase 2025-04-12 N/A
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
CVE-2014-3704 2 Debian, Drupal 2 Debian Linux, Drupal 2025-04-12 N/A
The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.
CVE-2014-3757 1 Phpmanufaktur 1 Kitform 2025-04-12 N/A
SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter.
CVE-2014-2531 1 Interworx 1 Web Control Panel 2025-04-12 N/A
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
CVE-2014-2540 1 Orbitscripts 1 Orbit Open Ad Server 2025-04-12 N/A
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory.
CVE-2014-5180 1 Hdwplayer 1 Hdw-player-video-player-video-gallery 2025-04-12 N/A
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
CVE-2014-8999 1 Xoops 1 Xoops 2025-04-12 N/A
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.