Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-4627 | 1 Rsa | 1 Web Threat Detection | 2025-04-12 | 8.8 High |
| SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2013-7375 | 1 Php-fusion | 1 Php-fusion | 2025-04-12 | N/A |
| SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803. | ||||
| CVE-2014-5097 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php. | ||||
| CVE-2016-4507 | 1 Bosch | 1 Bladecontrol-webvis | 2025-04-12 | 6.4 Medium |
| SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-2292 | 1 Yoast | 1 Wordpress Seo | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2016-6611 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-12 | N/A |
| An issue was discovered in phpMyAdmin. A specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. | ||||
| CVE-2014-5184 | 1 Stripshow Plugin Project | 1 Stripshow | 2025-04-12 | N/A |
| SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php. | ||||
| CVE-2016-5817 | 1 Navis | 1 Webaccess | 2025-04-12 | N/A |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-2849 | 1 Antlabs | 6 Inngate Ig 3.01 E, Inngate Ig 3.10 E, Inngate Ig 3.10 M and 3 more | 2025-04-12 | N/A |
| SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. | ||||
| CVE-2015-2242 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | ||||
| CVE-2016-4999 | 1 Redhat | 4 Dashbuilder, Jboss Bpm Suite, Jboss Bpms and 1 more | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to execute arbitrary SQL commands via a data set lookup filter in the (1) Data Set Authoring or (2) Displayer editor UI. | ||||
| CVE-2016-1000122 | 1 Huge-it | 1 Slider | 2025-04-12 | N/A |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | ||||
| CVE-2013-7349 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates. | ||||
| CVE-2014-5089 | 1 Status2k | 1 Status2k | 2025-04-12 | N/A |
| SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter. | ||||
| CVE-2014-9097 | 1 Apptha | 1 Contus Video Gallery | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php. | ||||
| CVE-2013-5640 | 1 Raoul Proenca | 1 Gnew | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors. | ||||
| CVE-2015-2314 | 1 Wpml | 1 Wpml | 2025-04-12 | N/A |
| SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | ||||
| CVE-2016-1000117 | 1 Huge-it | 1 Slideshow | 2025-04-12 | N/A |
| XSS & SQLi in HugeIT slideshow v1.0.4 | ||||
| CVE-2014-2245 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-12 | N/A |
| SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2014-2211 | 1 Posh Project | 1 Posh | 2025-04-12 | N/A |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. | ||||