Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5525 1 Cisco 1 Identity Services Engine Software 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502.
CVE-2013-6311 1 Ibm 1 Marketing Platform 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-5673 2 Indianic, Wordpress 2 Testimonial Plugin, Wordpress 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
CVE-2013-6341 1 Dokeos 1 Dokeos 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.
CVE-2012-3791 1 Cms-center 1 Simple Web Content Management System 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
CVE-2012-3820 1 Arialsoftware 1 Campaign Enterprise 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp.
CVE-2012-3834 1 Alienvault 1 Open Source Security Information Management 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
CVE-2012-3839 1 Myclientbase 1 Myclientbase 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
CVE-2012-3953 1 Phplist 1 Phplist 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
CVE-2012-4055 1 Uiga 1 Fan Club 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2012-4772 1 Intelliants 1 Subrion Cms 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
CVE-2012-4925 1 Imgpals 1 Img Pals Photo Host 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2012-4927 1 Limesurvey 1 Limesurvey 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
CVE-2012-4949 1 Esri 1 Arcgis 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
CVE-2012-4951 1 Verifone 1 Vericentre Web Console 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
CVE-2012-4990 1 Openx 1 Openx 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
CVE-2012-4994 1 Limesurvey 1 Limesurvey 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.
CVE-2012-5167 1 Atutor 1 Acontent 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.
CVE-2012-5333 1 Preprojects 1 Pre Printing Press 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2012-5648 1 Theforeman 1 Foreman 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/models/puppetclass.rb, related to the search mechanism.