Total: 14188 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-1455 | 1 Pearson | 1 Esis Enterprise Student Information System | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new password. | |||||
CVE-2014-1206 | 1 Openwebanalytics | 1 Open Web Analytics | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. | |||||
CVE-2014-1459 | 1 Doorgets | 1 Doorgets Cms | 2018-10-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | |||||
CVE-2014-100011 | 1 Sendy | 1 Sendy | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
CVE-2013-7219 | 1 2glux | 1 Com Sexypolling | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter. | |||||
CVE-2011-5110 | 1 John Geo | 1 Blogs Manager | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/. | |||||
CVE-2011-4559 | 1 Vtiger | 1 Vtiger Crm | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. | |||||
CVE-2011-3340 | 1 Atcom | 1 Netvolution | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
CVE-2011-4833 | 1 Sugarcrm | 1 Sugarcrm | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php. | |||||
CVE-2011-5259 | 1 Orangehrm | 1 Orangehrm | 2018-10-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2011-5169 | 1 Dell | 1 Sonicwall Viewpoint | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. | |||||
CVE-2011-4672 | 1 Valid | 1 Tiny-erp | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php. | |||||
CVE-2011-5109 | 1 John Geo | 1 Freelancer Calendar | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory. | |||||
CVE-2011-1610 | 1 Cisco | 1 Unified Communications Manager | 2018-10-09 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. | |||||
CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1061 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. | |||||
CVE-2011-1060 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. | |||||
CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | |||||
CVE-2017-15367 | 1 Bacula | 1 Bacula-web | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. | |||||
CVE-2018-15168 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. |