Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-6094 | 1 Dotnetindex | 1 Active News Manager | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp. | |||||
CVE-2009-2892 | 1 Scripteen | 1 Free Image Hosting Script | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie. | |||||
CVE-2016-1000116 | 1 Huge-it | 1 Portfolio Gallery Manager | 2024-02-14 | 6.5 MEDIUM | 7.2 HIGH |
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS | |||||
CVE-2020-20289 | 1 Yccms | 1 Yccms | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters triggers a SQL injection vulnerability. | |||||
CVE-2008-6075 | 1 Rasihbahar | 1 Bahar Download Script | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2024-02-14 | 7.5 HIGH | N/A |
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter. | |||||
CVE-2013-7242 | 1 Zenphoto | 1 Zenphoto | 2024-02-14 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter. | |||||
CVE-2008-1315 | 1 Php-nuke | 1 Zclassifieds | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. | |||||
CVE-2014-3961 | 1 Xnau | 1 Participants Database | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter in an "output CSV" action to pdb-signup/. | |||||
CVE-2010-4151 | 1 Deluxebb | 1 Deluxebb | 2024-02-14 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033. | |||||
CVE-2008-1219 | 1 Phpnuke | 1 Kutubisitte Component | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php. | |||||
CVE-2016-1000125 | 1 Huge-it | 1 Huge-it Catalog | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla | |||||
CVE-2008-1763 | 1 Blogator Script | 1 Blogator Script | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. | |||||
CVE-2011-0960 | 1 Cisco | 1 Unified Operations Manager | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716. | |||||
CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2024-02-14 | 5.0 MEDIUM | 7.5 HIGH |
Vinoj Cardoza WordPress Poll Plugin v36 and lower executes a SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the target's entire database. | |||||
CVE-2016-1000123 | 1 Huge-it | 1 Video Gallery | 2024-02-14 | 7.5 HIGH | 9.8 CRITICAL |
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla | |||||
CVE-2010-2909 | 2 Joomla, Toughtomato | 2 Joomla!, Com Ttvideo | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php. | |||||
CVE-2012-4034 | 1 Pbboard | 1 Pbboard | 2024-02-14 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php. | |||||
CVE-2007-3938 | 1 Maxdev | 1 Mdpro | 2024-02-14 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676. | |||||
CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2024-02-14 | 6.4 MEDIUM | N/A |
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP. |