Total: 9311 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4833 | 1 Sugarcrm | 1 Sugarcrm | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php. | |||||
CVE-2011-5259 | 1 Orangehrm | 1 Orangehrm | 2018-10-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in lib/controllers/CentralController.php in OrangeHRM before 2.6.11.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2011-5109 | 1 John Geo | 1 Freelancer Calendar | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.php, and (5) task_statistics_list.php in the worldcalendar directory. | |||||
CVE-2011-5169 | 1 Dell | 1 Sonicwall Viewpoint | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter. | |||||
CVE-2011-5110 | 1 John Geo | 1 Blogs Manager | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) _rate_list.php, (7) categoriesblogs_list.php, (8) chosen_authors_list.php, (9) chosen_blogs_list.php, (10) chosen_comments_list.php, and (11) help_list.php in blogs/. | |||||
CVE-2011-4559 | 1 Vtiger | 1 Vtiger Crm | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. | |||||
CVE-2011-3340 | 1 Atcom | 1 Netvolution | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
CVE-2011-1546 | 1 Aphpkb | 1 Aphpkb | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2011-1610 | 1 Cisco | 1 Unified Communications Manager | 2018-10-09 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. | |||||
CVE-2011-1060 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php. | |||||
CVE-2011-1047 | 2 Vasthtml, Wordpress | 2 Forum Server, Wordpress | 2018-10-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id parameter in an editpost action to index.php, which is not properly handled by wpf-post.php, or (3) topic parameter to feed.php. | |||||
CVE-2011-1061 | 1 Webmastersite | 1 Wsn Guest | 2018-10-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter. | |||||
CVE-2017-15367 | 1 Bacula | 1 Bacula-web | 2018-10-09 | 7.5 HIGH | 9.8 CRITICAL |
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server. | |||||
CVE-2018-15168 | 1 Zohocorp | 1 Manageengine Applications Manager | 2018-10-05 | 7.5 HIGH | 9.8 CRITICAL |
A SQL Injection vulnerability exists in the Zoho ManageEngine Applications Manager 13 before build 13820 via the resids parameter in a /editDisplaynames.do?method=editDisplaynames GET request. | |||||
CVE-2018-14967 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. | |||||
CVE-2018-14968 | 1 Emlsoft Project | 1 Emlsoft | 2018-10-04 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. | |||||
CVE-2018-14961 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 5.0 MEDIUM | 9.8 CRITICAL |
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | |||||
CVE-2018-12482 | 1 Ocsinventory-ng | 1 Ocsinventory Ng | 2018-09-30 | 6.5 MEDIUM | 8.8 HIGH |
OCS Inventory 2.4.1 contains multiple SQL injections in the search engine. Authentication is needed in order to exploit the issues. | |||||
CVE-2018-12942 | 1 Seeddms | 1 Seeddms | 2018-09-28 | 9.0 HIGH | 8.8 HIGH |
SQL injection vulnerability in the "Users management" functionality in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows authenticated attackers to manipulate an SQL query within the application by sending additional SQL commands to the application server. An attacker can use this vulnerability to perform malicious tasks such as to extract, change, or delete sensitive information within the database supporting the application, and potentially run system commands on the underlying operating system. | |||||
CVE-2018-0607 | 1 Cybozu | 1 Garoon | 2018-09-24 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in the Notifications application in the Cybozu Garoon 3.5.0 to 4.6.2 allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |