Total: 11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40839 | 1 Ndk-design | 1 Ndkadvancedcustomizationfields | 2024-02-14 | N/A | 7.5 HIGH |
| A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data. | |||||
| CVE-2016-1000115 | 1 Huge-it | 1 Portfolio Gallery Manager | 2024-02-14 | 6.5 MEDIUM | 7.2 HIGH |
| Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
| CVE-2009-2933 | 1 Piwigo | 1 Piwigo | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. | |||||
| CVE-2010-0762 | 1 Commodityrentals | 1 Cd Rental Software | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action. | |||||
| CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2024-02-14 | 7.5 HIGH | N/A |
| The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. | |||||
| CVE-2014-3961 | 1 Xnau | 1 Participants Database | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. | |||||
| CVE-2013-7242 | 1 Zenphoto | 1 Zenphoto | 2024-02-14 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter. | |||||
| CVE-2010-0946 | 2 Joomla, Kiss-software | 2 Joomla!, Com Ksadvertiser | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php. | |||||
| CVE-2010-0761 | 1 Commodityrentals | 1 Books/ebooks Rentals Script | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action. | |||||
| CVE-2020-29147 | 1 Wayang-cms Project | 1 Wayang-cms | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | |||||
| CVE-2011-5168 | 1 Bananadance | 1 Banana Dance | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2011-5091 | 1 Grboard | 1 Grboard | 2024-02-14 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php. | |||||
| CVE-2016-2555 | 1 Atutor | 1 Atutor | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php. | |||||
| CVE-2021-38694 | 1 Softvibe | 1 Saraban | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
| SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. | |||||
| CVE-2020-25379 | 1 Recall-products Project | 1 Recall-products | 2024-02-14 | 6.5 MEDIUM | 8.8 HIGH |
| Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query. | |||||
| CVE-2007-1302 | 1 Li-scripts | 1 Li-guestbook | 2024-02-14 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected. | |||||
| CVE-2008-6075 | 1 Rasihbahar | 1 Bahar Download Script | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4238 | 1 Teamst | 1 Testlink | 2024-02-14 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php. | |||||
| CVE-2008-1315 | 1 Php-nuke | 1 Zclassifieds | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. | |||||
| CVE-2007-5222 | 1 Maxdev | 1 Mdpro | 2024-02-14 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. | |||||
