CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-5078 89 Exec Code Sql 2015-06-28 2015-06-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the closedate parameter.
2 CVE-2015-4713 89 Exec Code Sql 2015-06-22 2015-06-23
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php.
3 CVE-2015-4678 89 Exec Code Sql 2015-06-19 2015-06-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI.
4 CVE-2015-4676 89 Exec Code Sql 2015-06-19 2015-06-22
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action.
5 CVE-2015-4658 89 Exec Code Sql 2015-06-18 2015-06-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
6 CVE-2015-4654 89 Exec Code Sql 2015-06-18 2015-06-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent.
7 CVE-2015-4628 89 Exec Code Sql 2015-06-18 2015-06-18
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter.
8 CVE-2015-4613 89 Exec Code Sql 2015-06-16 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.
9 CVE-2015-4612 89 Exec Code Sql 2015-06-16 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2015-4611 89 Exec Code Sql 2015-06-16 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2015-4610 89 Exec Code Sql 2015-06-16 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2015-4609 89 Exec Code Sql 2015-06-16 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2015-4454 89 Exec Code Sql 2015-06-17 2015-06-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.
14 CVE-2015-4348 89 Exec Code Sql 2015-06-15 2015-06-25
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.
15 CVE-2015-4342 89 Exec Code Sql 2015-06-17 2015-06-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.
16 CVE-2015-4222 89 Exec Code Sql 2015-06-26 2015-06-26
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuq46325.
17 CVE-2015-4208 89 Sql +Info 2015-06-24 2015-06-24
7.5
None Remote Low Not required Partial Partial Partial
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
18 CVE-2015-4188 89 Exec Code Sql 2015-06-17 2015-06-17
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104.
19 CVE-2015-4160 89 Exec Code Sql 2015-06-02 2015-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278.
20 CVE-2015-4159 89 Exec Code Sql 2015-06-02 2015-06-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892.
21 CVE-2015-4137 89 Exec Code Sql 2015-05-29 2015-06-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter.
22 CVE-2015-4119 352 Sql CSRF 2015-06-15 2015-06-17
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in ISPConfig before 3.0.5.4p7 allow remote attackers to hijack the authentication of (1) administrators for requests that create an administrator account via a request to admin/users_edit.php or (2) arbitrary users for requests that conduct SQL injection attacks via the server parameter to monitor/show_sys_state.php.
23 CVE-2015-4118 89 Exec Code Sql 2015-06-15 2015-06-17
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.
24 CVE-2015-4109 89 Exec Code Sql 2015-06-09 2015-06-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.
25 CVE-2015-4066 89 Exec Code Sql 2015-05-27 2015-06-02
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
26 CVE-2015-4064 89 Exec Code Sql 2015-05-27 2015-05-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
27 CVE-2015-4062 89 Exec Code Sql 2015-05-27 2015-05-28
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
28 CVE-2015-4018 89 Exec Code Sql 2015-05-21 2015-06-25
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
29 CVE-2015-3993 89 Sql Bypass 2015-06-13 2015-06-15
6.5
None Remote Low Single system Partial Partial Partial
Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table.
30 CVE-2015-3980 89 Exec Code Sql 2015-05-12 2015-05-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534.
31 CVE-2015-3427 89 Sql 2015-05-14 2015-05-15
7.5
None Remote Low Not required Partial Partial Partial
Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash) in a message. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4422.
32 CVE-2015-3346 89 Exec Code Sql 2015-04-21 2015-04-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
33 CVE-2015-3345 89 Exec Code Sql 2015-04-21 2015-04-22
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList database."
34 CVE-2015-3325 89 Exec Code Sql 2015-05-15 2015-06-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
35 CVE-2015-2999 89 Exec Code Sql 2015-06-08 2015-06-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp.
36 CVE-2015-2956 89 Exec Code Sql 2015-06-13 2015-06-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
37 CVE-2015-2843 89 Exec Code Sql 2015-05-12 2015-05-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
38 CVE-2015-2824 89 Exec Code Sql 2015-04-06 2015-04-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
39 CVE-2015-2803 89 Exec Code Sql 2015-06-17 2015-06-25
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
40 CVE-2015-2679 89 1 Exec Code Sql 2015-03-23 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php.
41 CVE-2015-2564 89 1 Exec Code Sql 2015-03-20 2015-03-23
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php.
42 CVE-2015-2563 89 Exec Code Sql 2015-03-20 2015-03-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
43 CVE-2015-2562 89 Exec Code Sql 2015-03-20 2015-03-23
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
44 CVE-2015-2314 89 Exec Code Sql 2015-03-17 2015-03-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed.
45 CVE-2015-2293 352 Sql CSRF 2015-03-17 2015-03-18
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page.
46 CVE-2015-2292 89 Exec Code Sql CSRF 2015-03-17 2015-03-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
47 CVE-2015-2242 89 Exec Code Sql 2015-03-09 2015-03-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php.
48 CVE-2015-2237 89 Exec Code Sql 2015-03-12 2015-03-13
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php.
49 CVE-2015-2216 89 1 Exec Code Sql 2015-03-05 2015-03-18
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter.
50 CVE-2015-2199 89 1 Exec Code Sql 2015-03-03 2015-03-04
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
Total number of vulnerabilities : 6248   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.