Search Results (19866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2011-4570 2 Joomla, Takeaweb 2 Joomla\!, Com Timereturns 2025-04-11 N/A
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
CVE-2010-4910 1 Coldgen 1 Coldcalendar 2025-04-11 N/A
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
CVE-2013-4748 2 Georg Ringer, Typo3 2 News, Typo3 2025-04-11 N/A
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4908 1 Virtuenetz 1 Virtue Shopping Mall 2025-04-11 N/A
SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
CVE-2010-4902 2 Joomla, Joomla-clantools 2 Joomla\!, Clantools 2025-04-11 N/A
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
CVE-2010-1044 1 Manageengine 1 Oputils 2025-04-11 N/A
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.
CVE-2011-4672 1 Valid 1 Tiny-erp 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
CVE-2010-1047 1 Masa2el 1 Music City 2025-04-11 N/A
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.
CVE-2012-1626 2 Drupal, Karen Stevenson 2 Drupal, Date 2025-04-11 N/A
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.
CVE-2011-4674 1 Zabbix 1 Zabbix 2025-04-11 N/A
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
CVE-2010-3404 1 Eshtery.she7ata 1 Eshtery Cms 2025-04-11 N/A
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
CVE-2012-2325 1 Mybb 1 Mybb 2025-04-11 N/A
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1053 1 Zentracking 1 Zen Time Tracking 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information.
CVE-2009-4669 1 Beaussier 1 Roomphplanning 2025-04-11 N/A
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.
CVE-2010-1743 1 Satyadeep 1 Scratcher 2025-04-11 N/A
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-1740 1 Freeguppy 1 Guppy 2025-04-11 N/A
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
CVE-2010-0761 1 Commodityrentals 1 Books\/ebooks Rentals Script 2025-04-11 N/A
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.
CVE-2011-2181 1 Reallysimplechat 1 Really Simple Chat 2025-04-11 N/A
Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php.
CVE-2014-1206 1 Openwebanalytics 1 Open Web Analytics 2025-04-11 N/A
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
CVE-2014-1204 1 Tableausoftware 1 Tableau Server 2025-04-11 N/A
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled.