Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-10013 | 1 Authenticator Plugin Project | 1 Authenticator Plugin | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection. Upgrading to version 1.39 is able to address this issue. The name of the patch is a5456633ff75e8f13705974c7ed1ce77f3f142d5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218428. | |||||
| CVE-2013-10012 | 1 Clan7ups Project | 1 Clan7ups | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958d845830ba0a1710764. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218388. | |||||
| CVE-2013-10011 | 1 Classroom-engagement-system Project | 1 Classroom-engagement-system | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156. | |||||
| CVE-2013-10009 | 1 Pychao Project | 1 Pychao | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability. | |||||
| CVE-2013-10008 | 1 Eshop Project | 1 Eshop | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in sheilazpy eShop. It has been classified as critical. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is e096c5849c4dc09e1074104531014a62a5413884. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217572. | |||||
| CVE-2012-10011 | 1 Contus | 1 Hd Flv Player | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. | |||||
| CVE-2012-10009 | 1 404like Project | 1 404like | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. | |||||
| CVE-2012-10008 | 1 Oneapp Project | 1 Oneapp | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability, which was classified as critical, has been found in uakfdotb oneapp. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 5413ac804f1b09f9decc46a6c37b08352c49669c. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221483. | |||||
| CVE-2012-10006 | 1 Sigeprosi Project | 1 Sigeprosi | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in ale7714 sigeprosi. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 5291886f6c992316407c376145d331169c55f25b. It is recommended to apply a patch to fix this issue. The identifier VDB-218493 was assigned to this vulnerability. | |||||
| CVE-2011-10003 | 1 Xpressengine | 1 Xpressengine | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in XpressEngine up to 1.4.4. It has been rated as critical. This issue affects some unknown processing of the component Update Query Handler. The manipulation leads to sql injection. Upgrading to version 1.4.5 is able to address this issue. The patch is named c6e94449f21256d6362450b29c7847305e756ad5. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220247. | |||||
| CVE-2011-10002 | 1 Weblabyrinth Project | 1 Weblabyrinth | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in weblabyrinth 0.3.1. This affects the function Labyrinth of the file labyrinth.inc.php. The manipulation leads to sql injection. Upgrading to version 0.3.2 is able to address this issue. The identifier of the patch is 60793fd8c8c4759596d3510641e96ea40e7f60e9. It is recommended to upgrade the affected component. The identifier VDB-220221 was assigned to this vulnerability. | |||||
| CVE-2011-10001 | 1 Phoenixcf Project | 1 Phoenixcf | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in iamdroppy phoenixcf. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file content/2-Community/articles.cfm. The manipulation leads to sql injection. The patch is named d156faf8bc36cd49c3b10d3697ef14167ad451d8. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218491. | |||||
| CVE-2010-10009 | 1 Ptome Project | 1 Ptome | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in frioux ptome. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The patch is named 26829bba67858ca0bd4ce49ad50e7ce653914276. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218519. | |||||
| CVE-2010-10007 | 1 Click-reminder Project | 1 Click-reminder | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in lierdakil click-reminder. It has been rated as critical. This issue affects the function db_query of the file src/backend/include/BaseAction.php. The manipulation leads to sql injection. The identifier of the patch is 41213b660e8eb01b22c8074f06208f59a73ca8dc. It is recommended to apply a patch to fix this issue. The identifier VDB-218465 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2010-10003 | 1 Titlelink Project | 1 Titlelink | 2024-05-17 | 5.2 MEDIUM | 9.8 CRITICAL |
| A vulnerability classified as critical was found in gesellix titlelink on Joomla. Affected by this vulnerability is an unknown functionality of the file plugin_content_title.php. The manipulation of the argument phrase leads to sql injection. The patch is named b4604e523853965fa981a4e79aef4b554a535db0. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217351. | |||||
| CVE-2010-0158 | 2 Joomla, Joomlabamboo | 2 Joomla, Jb Simpla | 2024-05-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no reason to be concerned about this report. | |||||
| CVE-2009-4855 | 1 Typo3 | 1 Typo3 | 2024-05-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core. | |||||
| CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2024-05-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 | |||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2024-05-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist. | |||||
| CVE-2008-10004 | 1 Email Registration Project | 1 Email Registration | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in Email Registration 5.x-2.1 on Drupal. It has been declared as critical. This vulnerability affects the function email_registration_user of the file email_registration.module. The manipulation of the argument namenew leads to sql injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 is able to address this issue. The patch is identified as 126c141b7db038c778a2dc931d38766aad8d1112. It is recommended to upgrade the affected component. VDB-222334 is the identifier assigned to this vulnerability. | |||||