Total
18627 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9313 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | N/A |
| The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element. | ||||
| CVE-2015-9310 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | N/A |
| The all-in-one-wp-security-and-firewall plugin before 3.9.1 for WordPress has multiple SQL injection issues. | ||||
| CVE-2015-9301 | 1 W3eden | 1 Live Forms | 2024-11-21 | N/A |
| The liveforms plugin before 3.2.0 for WordPress has SQL injection. | ||||
| CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | ||||
| CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2024-11-21 | 9.8 Critical |
| Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | ||||
| CVE-2015-8298 | 1 Rxtec | 1 Rxadmin | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or the (5) rxtec cookie to index.htm. | ||||
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | ||||
| CVE-2015-7342 | 1 Joobi | 1 Jnews | 2024-11-21 | 7.2 High |
| JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field. | ||||
| CVE-2015-7340 | 1 Gwesystems | 1 Jevents | 2024-11-21 | 7.2 High |
| JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action. | ||||
| CVE-2015-7338 | 1 Acyba | 1 Acymailing | 2024-11-21 | 7.2 High |
| SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocation_longitude request to index.php. | ||||
| CVE-2015-5725 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | N/A |
| SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable. | ||||
| CVE-2015-5617 | 1 Enorth | 1 Webpublisher Cms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter. | ||||
| CVE-2015-5591 | 1 Zenphoto | 1 Zenphoto | 2024-11-21 | 7.2 High |
| SQL injection vulnerability in Zenphoto before 1.4.9 allow remote administrators to execute arbitrary SQL commands. | ||||
| CVE-2015-4633 | 1 Koha | 1 Koha | 2024-11-21 | N/A |
| Multiple SQL injection vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow (1) remote attackers to execute arbitrary SQL commands via the number parameter to opac-tags_subject.pl in the OPAC interface or (2) remote authenticated users to execute arbitrary SQL commands via the Filter or (3) Criteria parameter to reports/borrowers_out.pl in the Staff interface. | ||||
| CVE-2015-4615 | 1 Easy2map | 1 Easy2map-photos | 2024-11-21 | N/A |
| Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables | ||||
| CVE-2015-4043 | 1 Connx | 1 Esp Hr Management | 2024-11-21 | N/A |
| SQL injection vulnerability in ConnX ESP HR Management 4.4.0 allows remote attackers to execute arbitrary SQL commands via the ctl00$cphMainContent$txtUserName parameter to frmLogin.aspx. | ||||
| CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | ||||
| CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | ||||
| CVE-2015-2062 | 2 Huge-it, Microsoft | 2 Huge-it Slider, Windows | 2024-11-21 | 7.2 High |
| Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | ||||
| CVE-2015-10124 | 1 Smartfan | 1 Most Popular Posts Widget | 2024-11-21 | 6.3 Medium |
| A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability. | ||||