Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6441 | | | 2024-02-14 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UNI-PA University Marketing & Computer Internet Trade Inc. University Information System allows SQL Injection. This issue affects University Information System: before 12.12.2023. | |||||
| CVE-2023-44294 | | | 2024-02-14 | N/A | 5.4 MEDIUM |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of Collection Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | |||||
| CVE-2023-44293 | | | 2024-02-14 | N/A | 5.4 MEDIUM |
| In Dell Secure Connect Gateway Application and Secure Connect Gateway Appliance (between v5.10.00.00 and v5.18.00.00), a security concern has been identified, where a malicious user with a valid User session may inject malicious content in filters of IP Range Rest API. This issue may potentially lead to unintentional information disclosure from the product database. | |||||
| CVE-2002-0999 | 1 Care 2002 | 1 Care 2002 | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations. | |||||
| CVE-2009-2892 | 1 Scripteen | 1 Free Image Hosting Script | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. | |||||
| CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||||
| CVE-2019-16125 | 1 Jobberbase | 1 Jobberbase | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| In Jobberbase 2.0, the parameter category is not sanitized in public/page_subscribe.php, leading to /subscribe SQL injection. | |||||
| CVE-2021-25874 | 1 Youphptube | 1 Youphptube | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| AVideo/YouPHPTube 10.0 and prior is affected by a SQL injection in the catName parameter, which allows a remote unauthenticated attacker to retrieve database information such as application password hashes. | |||||
| CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2020-7229 | 1 Simplejobscript | 1 Simplejobscript | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landing_location. The function is countSearchedJobs(). The file is _lib/class.Job.php. | |||||
| CVE-2016-1000123 | 1 Huge-it | 1 Video Gallery | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | |||||
| CVE-2016-1000124 | 1 Huge-it | 1 Portfolio Gallery | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 | |||||
| CVE-2008-1763 | 1 Blogator Script | 1 Blogator Script | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. | |||||
| CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2024-02-14 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2011-0443 | 1 Tinybb | 1 Tinybb | 2024-02-14 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0327 | 1 Seraphimtech | 1 Free Bible Search Php Script | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readbible.php in Free Bible Search PHP Script 1.0 allows remote attackers to execute arbitrary SQL commands via the version parameter. | |||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes an SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database. | |||||
| CVE-2018-20477 | 1 S-cms | 1 S-cms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | |||||
| CVE-2008-1219 | 1 Phpnuke | 1 Kutubisitte Component | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php. | |||||
| CVE-2010-4151 | 1 Deluxebb | 1 Deluxebb | 2024-02-14 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. | |||||
