CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-89

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-9348 89 1 Exec Code Sql 2014-12-08 2014-12-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
2 CVE-2014-9347 89 1 Exec Code Sql 2014-12-08 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
3 CVE-2014-9345 89 1 Exec Code Sql 2014-12-08 2014-12-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
4 CVE-2014-9305 89 1 Exec Code Sql 2014-12-08 2014-12-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
5 CVE-2014-9258 89 1 Exec Code Sql 2014-12-19 2014-12-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
6 CVE-2014-9242 89 Exec Code Sql 2014-12-03 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
7 CVE-2014-9240 89 Exec Code Sql 2014-12-03 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
8 CVE-2014-9239 89 Exec Code Sql 2014-12-03 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
9 CVE-2014-9237 89 Exec Code Sql 2014-12-03 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
10 CVE-2014-9235 89 Exec Code Sql 2014-12-03 2014-12-05
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
11 CVE-2014-9220 89 Exec Code Sql 2014-12-02 2014-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
12 CVE-2014-9215 89 Exec Code Sql 2014-12-05 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
13 CVE-2014-9178 89 1 Exec Code Sql 2014-12-02 2014-12-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
14 CVE-2014-9175 89 1 Exec Code Sql 2014-12-02 2014-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
15 CVE-2014-9173 89 1 Exec Code Sql 2014-12-02 2014-12-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
16 CVE-2014-9102 89 Exec Code Sql 2014-11-26 2014-12-05
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php.
17 CVE-2014-9097 89 Exec Code Sql 2014-11-26 2014-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.
18 CVE-2014-9096 89 Exec Code Sql 2014-11-26 2014-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
19 CVE-2014-9095 89 Exec Code Sql 2014-11-26 2014-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
20 CVE-2014-9089 89 Exec Code Sql 2014-11-28 2014-11-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
21 CVE-2014-9057 89 Exec Code Sql 2014-12-16 2014-12-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2014-9005 89 1 Exec Code Sql 2014-11-20 2014-11-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
23 CVE-2014-8999 89 Exec Code Sql 2014-11-20 2014-11-24
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
24 CVE-2014-8995 89 Exec Code Sql 2014-11-20 2014-11-20
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
25 CVE-2014-8766 89 Exec Code Sql 2014-10-14 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in a browse action to index.php or (2) unspecified parameters to admin.php.
26 CVE-2014-8728 89 1 Exec Code Sql 2014-12-02 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
27 CVE-2014-8682 89 1 Exec Code Sql 2014-11-21 2014-11-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
28 CVE-2014-8681 89 1 Exec Code Sql 2014-11-21 2014-11-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
29 CVE-2014-8668 89 Exec Code Sql 2014-11-06 2014-11-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
30 CVE-2014-8664 89 Exec Code Sql 2014-11-06 2014-11-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
31 CVE-2014-8663 89 Exec Code Sql 2014-11-06 2014-11-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
32 CVE-2014-8596 89 1 Exec Code Sql 2014-11-17 2014-11-17
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
33 CVE-2014-8588 89 Exec Code Sql 2014-11-04 2014-11-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
34 CVE-2014-8586 89 1 Exec Code Sql 2014-11-04 2014-11-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
35 CVE-2014-8554 89 Exec Code Sql 2014-11-13 2014-11-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
36 CVE-2014-8507 89 Exec Code Sql 2014-12-15 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
37 CVE-2014-8506 89 Exec Code Sql 2014-10-28 2014-10-28
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Etiko CMS allow remote attackers to execute arbitrary SQL commands via the (1) page_id parameter to loja/index.php or (2) article_id parameter to index.php.
38 CVE-2014-8499 89 1 Exec Code Sql 2014-11-17 2014-11-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc.
39 CVE-2014-8498 89 1 Exec Code Sql 2014-11-17 2014-11-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
40 CVE-2014-8375 89 Exec Code Sql 2014-10-21 2014-10-24
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php.
41 CVE-2014-8367 89 Exec Code Sql 2014-11-25 2014-12-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
42 CVE-2014-8366 89 Exec Code Sql 2014-10-20 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php.
43 CVE-2014-8363 89 Exec Code Sql 2014-10-20 2014-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
44 CVE-2014-8351 89 Exec Code Sql 2014-11-06 2014-11-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter.
45 CVE-2014-8340 89 Exec Code Sql 2014-12-16 2014-12-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header.
46 CVE-2014-8339 89 Exec Code Sql 2014-11-04 2014-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.
47 CVE-2014-8306 89 Exec Code Sql 2014-10-16 2014-12-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
48 CVE-2014-8295 89 1 Exec Code Sql 2014-10-15 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
49 CVE-2014-8294 89 Exec Code Sql 2014-10-15 2014-10-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
50 CVE-2014-8248 89 Exec Code Sql 2014-12-16 2014-12-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
Total number of vulnerabilities : 3925   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.