CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-2102 89 1 Exec Code Sql 2015-02-27 2015-03-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
2 CVE-2015-2090 89 1 Exec Code Sql 2015-02-26 2015-02-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
3 CVE-2015-2070 89 1 Exec Code Sql 2015-02-24 2015-02-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
4 CVE-2015-2066 89 Exec Code Sql 2015-02-24 2015-02-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.
5 CVE-2015-2065 89 1 Exec Code Sql 2015-02-24 2015-02-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
6 CVE-2015-2035 89 Exec Code Sql 2015-02-20 2015-02-23
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote adminsitrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php.
7 CVE-2015-1616 89 Exec Code Sql 2015-02-17 2015-02-18
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2015-1605 89 Exec Code Sql 2015-02-24 2015-02-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx.
9 CVE-2015-1576 89 Exec Code Sql 2015-02-11 2015-02-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
10 CVE-2015-1518 89 1 Exec Code Sql 2015-02-11 2015-02-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter.
11 CVE-2015-1517 89 Exec Code Sql 2015-02-20 2015-02-23
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
12 CVE-2015-1514 89 Exec Code Sql 2015-02-06 2015-02-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the order parameter to index.php.
13 CVE-2015-1513 89 Exec Code Sql 2015-02-06 2015-02-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username.
14 CVE-2015-1479 89 1 Exec Code Sql 2015-02-04 2015-02-06
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
15 CVE-2015-1477 89 1 Exec Code Sql 2015-02-04 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads.
16 CVE-2015-1476 89 1 Exec Code Sql 2015-02-04 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
17 CVE-2015-1471 89 Exec Code Sql 2015-02-12 2015-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI.
18 CVE-2015-1467 89 Exec Code Sql 2015-02-06 2015-02-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.
19 CVE-2015-1450 89 Exec Code Sql 2015-02-02 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php.
20 CVE-2015-1442 89 Exec Code Sql 2015-02-06 2015-02-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
21 CVE-2015-1441 89 Exec Code Sql 2015-02-03 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2015-1434 89 Exec Code Sql 2015-02-16 2015-02-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
23 CVE-2015-1428 89 1 Exec Code Sql 2015-02-03 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php.
24 CVE-2015-1423 89 1 Exec Code Sql 2015-01-29 2015-01-30
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
25 CVE-2015-1405 89 Exec Code Sql 2015-02-03 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26 CVE-2015-1403 89 Exec Code Sql 2015-02-03 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
27 CVE-2015-1400 89 Exec Code Sql 2015-02-03 2015-02-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
28 CVE-2015-1393 89 Exec Code Sql 2015-02-02 2015-02-04
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php.
29 CVE-2015-1374 352 Sql XSS CSRF 2015-01-27 2015-01-27
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cross-site scripting (XSS), (2) SQL injection, or (3) unrestricted file upload attacks.
30 CVE-2015-1372 89 Exec Code Sql 2015-01-27 2015-01-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
31 CVE-2015-1369 89 Exec Code Sql 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
32 CVE-2015-1367 89 Exec Code Sql 2015-01-27 2015-01-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
33 CVE-2015-1364 89 1 Exec Code Sql 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
34 CVE-2015-1310 89 Exec Code Sql 2015-01-22 2015-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
35 CVE-2015-1055 89 Exec Code Sql 2015-01-16 2015-01-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
36 CVE-2015-0919 89 Exec Code Sql 2015-01-08 2015-01-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
37 CVE-2015-0580 89 Exec Code Sql 2015-02-11 2015-02-18
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL commands via crafted HTTPS requests, aka Bug ID CSCuq79027.
38 CVE-2014-10038 89 1 Exec Code Sql 2015-01-13 2015-01-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
39 CVE-2014-10034 89 1 Exec Code Sql 2015-01-13 2015-01-14
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
40 CVE-2014-10033 89 1 Exec Code Sql 2015-01-13 2015-01-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
41 CVE-2014-10032 89 1 Exec Code Sql 2015-01-13 2015-01-14
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
42 CVE-2014-10029 89 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
43 CVE-2014-10023 89 1 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
44 CVE-2014-10020 89 1 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
45 CVE-2014-10017 89 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.
46 CVE-2014-10015 89 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
47 CVE-2014-10013 89 1 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
48 CVE-2014-10004 89 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
49 CVE-2014-100019 89 Exec Code Sql 2015-01-13 2015-01-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
50 CVE-2014-9573 89 Exec Code Sql 2015-01-26 2015-01-26
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
Total number of vulnerabilities : 6175   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.