Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-89
Total 9311 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1911 1 Chatelao 1 Php Address Book 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
CVE-2012-1934 1 Sourcefabric 1 Newscoop 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.
CVE-2012-2105 1 Peter Kovacs 1 Timesheet Next Gen 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
CVE-2012-2115 1 Open-emr 1 Openemr 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.
CVE-2012-2171 1 Ibm 18 Ds4100, Ds4200, Ds4300 and 15 more 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to the ModuleServlet URI.
CVE-2012-1074 1 Typo3 2 Mm Whtppr, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2601 1 Ipswitch 1 Whatsup Gold 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.
CVE-2012-2925 1 Simple Php Agenda 1 Simple Php Agenda 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
CVE-2012-1072 1 Typo3 2 Toi Category, Typo3 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2012-2718 2 Drupal, Drupal-id 2 Drupal, Counter Module 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
CVE-2012-3435 1 Zabbix 1 Zabbix 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2012-1780 1 Socialcms 1 Socialcms 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2012-1218 1 Freelancerkit 1 Freelancerkit 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.
CVE-2012-2762 1 S9y 1 Serendipity 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.
CVE-2012-3000 1 F5 10 Big-ip Access Policy Manager, Big-ip Analytics, Big-ip Application Security Manager and 7 more 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter.
CVE-2012-2937 1 Pligg 1 Pligg Cms 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module.
CVE-2012-2908 1 Viscacha 1 Viscacha 2017-08-28 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
CVE-2012-2952 1 Jaow 1 Jaow 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
CVE-2012-2923 1 Hypermethod 1 Elearning Server 2017-08-28 7.5 HIGH N/A
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
CVE-2012-2956 1 Spiceworks 1 Spiceworks 2017-08-28 6.5 MEDIUM N/A
SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS.