Search Results (19774 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1924 1 Phpscripte24 1 Live Shopping Multi Portal System 2025-04-11 N/A
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.
CVE-2010-1931 1 Cubecart 1 Cubecart 2025-04-11 N/A
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
CVE-2012-3951 1 Sonicwall 1 Scrutinizer 2025-04-11 N/A
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
CVE-2010-2924 2 Silvercover, Wordpress 2 Mylinksdump Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-1925 1 Rifat Kurban 1 Tekno.portal 2025-04-11 N/A
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.
CVE-2010-1949 2 Emultisoft, Joomla 2 Com Jnewspaper, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-0407 1 Phenotype-cms 1 Phenotype Cms 2025-04-11 N/A
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
CVE-2010-4700 1 Php 1 Php 2025-04-11 N/A
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.
CVE-2013-6243 1 Landing Pages Project 1 Landing Pages Plugin 2025-04-11 N/A
SQL injection vulnerability in the Landing Pages plugin 1.2.3, before 20131009, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the "post" parameter to index.php.
CVE-2009-4795 1 Xlightftpd 1 Xlight Ftp Server 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.
CVE-2010-2016 1 Imagetraders 1 Iceberg Cms 2025-04-11 N/A
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.
CVE-2010-3922 1 Sixapart 1 Movabletype 2025-04-11 N/A
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2124 1 Bartels-schoene 1 Conpresso 2025-04-11 N/A
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2133 1 Mylittleforum 1 My Little Forum 2025-04-11 N/A
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.
CVE-2010-4702 2 Fxwebdesign, Joomla 2 Com Jradio, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-5453 1 Atutor 1 Acontent 2025-04-11 N/A
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
CVE-2010-2141 1 Nitropowered 1 Nitro Web Gallery 2025-04-11 N/A
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
CVE-2010-2148 2 Joomla, Unisoft 2 Joomla\!, Com Mycar 2025-04-11 N/A
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
CVE-2011-4811 1 Bst 1 Bestshoppro 2025-04-11 N/A
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
CVE-2013-2050 1 Redhat 3 Cloudforms Management Engine, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager 2025-04-11 N/A
SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine (CFME) 5.1 and ManageIQ Enterprise Virtualization Manager 5.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the profile[] parameter in an explorer action.