Total: 14188 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-5374 | 1 Slidervilla | 1 Dbox Slider | 2018-01-24 | 6.5 MEDIUM | 8.8 HIGH |
The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | |||||
CVE-2018-5373 | 1 Slidervilla | 1 Smooth Slider | 2018-01-24 | 6.5 MEDIUM | 8.8 HIGH |
The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid parameter). | |||||
CVE-2018-5372 | 1 Slidervilla | 1 Testimonial Slider | 2018-01-24 | 6.5 MEDIUM | 8.8 HIGH |
The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). | |||||
CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | |||||
CVE-2012-0805 | 1 Sqlalchemy | 1 Sqlalchemy | 2018-01-18 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function. | |||||
CVE-2017-14960 | 1 Opentext | 1 Document Sciences Xpression | 2018-01-17 | 5.0 MEDIUM | 7.5 HIGH |
xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 has SQL Injection. | |||||
CVE-2014-4914 | 2 Debian, Zend | 2 Debian Linux, Zend Framework | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors. | |||||
CVE-2017-17875 | 1 Jextn | 1 Jextn Faq Pro | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
CVE-2017-17872 | 1 Jextn | 1 Jextn Video Gallery | 2018-01-17 | 7.5 HIGH | 9.8 CRITICAL |
The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. | |||||
CVE-2018-3811 | 1 Oturia | 1 Smart Google Code Inserter | 2018-01-16 | 7.5 HIGH | 9.8 CRITICAL |
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query. | |||||
CVE-2017-1000444 | 1 Openhacker Project | 1 Openhacker | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution. | |||||
CVE-2015-3637 | 1 Phpmybackuppro | 1 Phpmybackuppro | 2018-01-11 | 6.8 MEDIUM | 8.1 HIGH |
SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | |||||
CVE-2017-17870 | 1 Jbuildozer | 1 Jbuildozer | 2018-01-11 | 7.5 HIGH | 9.8 CRITICAL |
The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. | |||||
CVE-2012-2576 | 1 Solarwinds | 3 Backup Profiler, Storage Manager, Storage Profiler | 2018-01-11 | 10.0 HIGH | 9.8 CRITICAL |
SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. | |||||
CVE-2009-2640 | 1 Interlogy | 1 Profile Manager | 2018-01-11 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action. | |||||
CVE-2012-1784 | 1 Myjoblist | 1 Myjoblist | 2018-01-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php. | |||||
CVE-2012-0293 | 1 Symantec | 1 Altiris Wise Package Studio | 2018-01-11 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2012-1557 | 1 Parallels | 1 Parallels Plesk Panel | 2018-01-11 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | |||||
CVE-2017-17931 | 1 Resume Clone Script Project | 1 Resume Clone Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter. | |||||
CVE-2017-17928 | 1 Ordermanagementscript | 1 Professional Service Script | 2018-01-10 | 7.5 HIGH | 9.8 CRITICAL |
PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |