Search Results (19792 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-3524 1 Simpilotgroup 1 Pop Up News 2025-04-11 N/A
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
CVE-2013-3525 1 Bestpractical 1 Request Tracker 2025-04-11 N/A
SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims.
CVE-2009-4711 2 Jan Bednarik, Typo3 2 Cooluri, Typo3 2025-04-11 N/A
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
CVE-2009-4721 1 Andrews-web 1 Aw-bannerad 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.
CVE-2013-3527 1 Vanillaforums 1 Vanilla 2025-04-11 N/A
Multiple SQL injection vulnerabilities in Vanilla Forums before 2.0.18.8 allow remote attackers to execute arbitrary SQL commands via the parameter name in the Form/Email array to (1) entry/signin or (2) entry/passwordrequest.
CVE-2013-3530 2 Fabricio Zuardi, Wordpress 2 Xspf Player Plugin, Wordpress 2025-04-11 N/A
SQL injection vulnerability in playlist.php in the Spiffy XSPF Player plugin 0.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
CVE-2013-3532 2 Webdorado, Wordpress 2 Spider Video Player, Wordpress 2025-04-11 N/A
SQL injection vulnerability in settings.php in the Web Dorado Spider Video Player plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the theme parameter.
CVE-2009-4892 1 Webjump 1 Webjump\! 2025-04-11 N/A
SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.
CVE-2013-3536 1 Whmcs 2 Group Pay, Whmcs 2025-04-11 N/A
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.
CVE-2013-3537 1 Wesley Destailleur 1 Todoo Forum 2025-04-11 N/A
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
CVE-2011-4292 1 Moodle 1 Moodle 2025-04-11 N/A
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
CVE-2010-4891 2 Andreas Kiefer, Typo3 2 Ke Yac, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-4950 2 Joachim Ruhs, Typo3 2 Event, Typo3 2025-04-11 N/A
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-2338 1 Vunet 1 Vu Web Visitor Analyst 2025-04-11 N/A
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-0723 1 Mhproducts 1 Ero Auktion 2025-04-11 N/A
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2011-0553 1 Symantec 1 Im Manager 2025-04-11 N/A
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2010-1363 2 Extremejoomla, Joomla 2 Com J-projects, Joomla\! 2025-04-11 N/A
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.
CVE-2010-2312 1 Hauntmax 1 Haunted House Directory Listing Cms 2025-04-11 N/A
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.
CVE-2011-4026 1 Xia Zuojie 1 Nexusphp 2025-04-11 N/A
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2010-2436 1 Anecms 1 Anecms Blog 2025-04-11 N/A
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.