Export limit exceeded: 18268 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18268 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | ||||
| CVE-2014-4944 | 1 Bannersky | 1 Bsk Pdf Manager | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php. | ||||
| CVE-2015-1013 | 1 Osisoft | 2 Pi Server, Pi Sql For Af | 2025-04-12 | N/A |
| OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. | ||||
| CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-12 | N/A |
| SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2014-100020 | 1 Itechscripts | 1 Itechclassifieds | 2025-04-12 | N/A |
| SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685. | ||||
| CVE-2014-9435 | 1 Absolutengine | 1 Absolut Engine | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php. | ||||
| CVE-2014-7201 | 1 Kevin Renskers | 1 Dmmjobcontrol | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/. | ||||
| CVE-2013-2226 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) filename parameter to front/document.form.php, or (3) table parameter to ajax/comments.php. | ||||
| CVE-2016-7405 | 3 Adodb Project, Fedoraproject, Php | 3 Adodb, Fedora, Php | 2025-04-12 | N/A |
| The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting. | ||||
| CVE-2014-2081 | 1 Iii | 1 Vtls-virtua | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the login in web_reports/cgi-bin/InfoStation.cgi in Innovative vtls-Virtua before 2013.2.4 and 2014.x before 2014.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | ||||
| CVE-2014-10038 | 1 Domphp | 1 Domphp | 2025-04-12 | N/A |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. | ||||
| CVE-2015-7876 | 1 Drupal 7 Driver For Sql Server And Sql Azure Project | 1 Drupal 7 Driver For Sql Server And Sql Azure | 2025-04-12 | N/A |
| The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | ||||
| CVE-2014-2323 | 4 Debian, Lighttpd, Opensuse and 1 more | 5 Debian Linux, Lighttpd, Opensuse and 2 more | 2025-04-12 | 9.8 Critical |
| SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname. | ||||
| CVE-2015-1875 | 1 Palosanto | 1 Elastix | 2025-04-12 | N/A |
| SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. | ||||
| CVE-2013-4467 | 1 Vicidial | 1 Vicidial | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQL commands via the campaign variable in SCRIPT_multirecording_AJAX.php, (2) remote authenticated users to execute arbitrary SQL commands via the server_ip parameter to manager_send.php, or (3) other unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2015-2562 | 1 Web-dorado | 1 Ecommerce Wd | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. | ||||
| CVE-2015-8604 | 1 Cacti | 1 Cacti | 2025-04-12 | N/A |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. | ||||
| CVE-2014-100011 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter. | ||||
| CVE-2014-8682 | 1 Gogits | 1 Gogs | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. | ||||
| CVE-2014-100012 | 1 Sendy | 1 Sendy | 2025-04-12 | N/A |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. | ||||