Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5328 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2023-11-07 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | |||||
| CVE-2012-5327 | 2 Cartpauj, Wordpress | 2 Mingle-forum, Wordpress | 2023-11-07 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. | |||||
| CVE-2012-4601 | 1 Tecnick | 1 Tcexam | 2023-11-07 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | |||||
| CVE-2012-4414 | 2 Mariadb, Oracle | 2 Mariadb, Mysql | 2023-11-07 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the replication code in Oracle MySQL possibly before 5.5.29, and MariaDB 5.1.x through 5.1.62, 5.2.x through 5.2.12, 5.3.x through 5.3.7, and 5.5.x through 5.5.25, allow remote authenticated users to execute arbitrary SQL commands via vectors related to the binary log. NOTE: as of 20130116, Oracle has not commented on claims from a downstream vendor that the fix in MySQL 5.5.29 is incomplete. | |||||
| CVE-2012-4237 | 1 Tecnick | 1 Tcexam | 2023-11-07 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php. | |||||
| CVE-2012-2311 | 1 Php | 1 Php | 2023-11-07 | 7.5 HIGH | N/A |
| sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823. | |||||
| CVE-2011-4292 | 1 Moodle | 1 Moodle | 2023-11-07 | 4.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. | |||||
| CVE-2011-5224 | 2 Trioniclabs, Wordpress | 2 Sentinel, Wordpress | 2023-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2011-5276 | 1 Gplhost | 1 Domain Technologie Control | 2023-11-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the drawAdminTools_PackageInstaller function in shared/inc/forms/packager.php in Domain Technologie Control (DTC) before 0.32.11 allows remote authenticated users to execute arbitrary SQL commands via the database_name parameter. | |||||
| CVE-2011-5272 | 1 Gplhost | 1 Domain Technologie Control | 2023-11-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vps_note parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different researchers. | |||||
| CVE-2011-3197 | 1 Gplhost | 1 Domain Technologie Control | 2023-11-07 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector. | |||||
| CVE-2011-1562 | 1 Ecava | 1 Integraxor | 2023-11-07 | 7.5 HIGH | N/A |
| Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. | |||||
| CVE-2011-1480 | 1 Phpnuke | 1 Php-nuke | 2023-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter. | |||||
| CVE-2011-1653 | 1 Broadcom | 1 Total Defense | 2023-11-07 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures. | |||||
| CVE-2011-1055 | 1 Lingxia273 | 1 Lingxia I.c.e Cms | 2023-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. | |||||
| CVE-2010-4166 | 1 Joomla | 1 Joomla\! | 2023-11-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. | |||||
| CVE-2010-3929 | 1 Modxcms | 1 Evolution | 2023-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. | |||||
| CVE-2011-0467 | 1 Suse | 2 Studio Onsite, Studio Onsite Appliance | 2023-11-07 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the listing of available software of SUSE Studio Onsite, SUSE Studio Onsite 1.1 Appliance allows authenticated users to execute arbitrary SQL statements via SQL injection. Affected releases are SUSE Studio Onsite: versions prior to 1.0.3-0.18.1, SUSE Studio Onsite 1.1 Appliance: versions prior to 1.1.2-0.25.1. | |||||
| CVE-2011-0434 | 1 Gplhost | 1 Domain Technologie Control | 2023-11-07 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php. | |||||
| CVE-2010-1426 | 1 Modxcms | 1 Modxcms | 2023-11-07 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin. | |||||