Total
14188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3081 | 1 Jojocms | 1 Jojo-cms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/. | |||||
| CVE-2013-5318 | 1 Benjamin Arnaudetr | 1 Ginkgocms | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. | |||||
| CVE-2013-2690 | 1 Synchroweb | 1 Synconnect | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action. | |||||
| CVE-2013-5306 | 2 Die-netzmacher, Typo3 | 2 Browser, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5302 | 2 Kennziffer, Typo3 | 2 Ke Search, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | |||||
| CVE-2013-3533 | 1 Virtualaccess | 1 Virtual Access Monitor | 2017-08-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Virtual Access Monitor 3.10.17 and earlier allow attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5304 | 2 Joachim Ruhs, Typo3 | 2 Locator, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-3478 | 1 Apptha | 1 Video Gallery Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. | |||||
| CVE-2013-2594 | 1 Hornbill | 1 Supportworks Itsm | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter. | |||||
| CVE-2013-6243 | 1 Landing Pages Project | 1 Landing Pages Plugin | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php. | |||||
| CVE-2013-0451 | 1 Ibm | 1 Maximo Asset Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 through 7.1.1.12 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-5673 | 2 Indianic, Wordpress | 2 Testimonial Plugin, Wordpress | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php. | |||||
| CVE-2013-5028 | 1 Kwoksys | 1 Information Server | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command. | |||||
| CVE-2013-6341 | 1 Dokeos | 1 Dokeos | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php. | |||||
| CVE-2013-4748 | 2 Georg Ringer, Typo3 | 2 News, Typo3 | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-0560 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2017-08-29 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2012-5766. | |||||
| CVE-2013-6311 | 1 Ibm | 1 Marketing Platform | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4720 | 2 Typo3, Webempoweredchurch | 2 Typo3, Wec Discussion | 2017-08-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2013-4017 | 1 Ibm | 1 Maximo Asset Management | 2017-08-29 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Maximo Asset Management 7.1 before 7.1.1.12 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||