CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2012 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Confidentiality Integrity Availability
1 CVE-2012-2925 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
2 CVE-2012-2923 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
3 CVE-2012-2908 89 1 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.
4 CVE-2012-2338 89 Exec Code Sql 2012-05-21 2012-05-22
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
5 CVE-2012-2311 89 Exec Code Sql 2012-05-11 2012-05-11
7.5
None Remote Low Not required Partial Partial Partial
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
6 CVE-2012-2236 89 Exec Code Sql 2012-04-20 2012-04-20
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.
7 CVE-2012-2007 89 Exec Code Sql 2012-05-09 2012-05-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
8 CVE-2012-1784 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.
9 CVE-2012-1780 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.
10 CVE-2012-1778 89 1 Exec Code Sql 2012-03-19 2012-03-20
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
11 CVE-2012-1777 89 Exec Code Sql 2012-04-05 2012-04-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.
12 CVE-2012-1673 89 1 Exec Code Sql 2012-04-11 2012-04-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.
13 CVE-2012-1672 89 1 Exec Code Sql 2012-04-11 2012-04-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter.
14 CVE-2012-1557 89 Exec Code Sql 2012-03-12 2012-03-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012.
15 CVE-2012-1294 89 1 Exec Code Sql 2012-02-23 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
16 CVE-2012-1234 89 Exec Code Sql 2012-02-21 2012-02-23
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.
17 CVE-2012-1225 89 Exec Code Sql 2012-02-21 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.
18 CVE-2012-1218 89 Exec Code Sql 2012-02-21 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.
19 CVE-2012-1210 89 1 Exec Code Sql 2012-02-24 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 CVE-2012-1077 89 Exec Code Sql 2012-02-14 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
21 CVE-2012-1075 89 Exec Code Sql 2012-02-14 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
22 CVE-2012-1074 89 Exec Code Sql 2012-02-14 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
23 CVE-2012-1072 89 Exec Code Sql 2012-02-14 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
24 CVE-2012-1071 89 Exec Code Sql 2012-02-14 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
25 CVE-2012-1067 89 Exec Code Sql 2012-02-14 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2012-1063 89 1 Exec Code Sql 2012-02-13 2012-02-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.
27 CVE-2012-1061 89 Exec Code Sql 2012-02-13 2012-02-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
28 CVE-2012-1029 89 2 Exec Code Sql 2012-02-07 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
29 CVE-2012-1026 89 1 Exec Code Sql 2012-02-07 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
30 CVE-2012-1022 89 1 Exec Code Sql 2012-02-07 2012-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.
31 CVE-2012-1017 89 1 Exec Code Sql 2012-02-07 2012-02-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.
32 CVE-2012-0999 89 Exec Code Sql 2012-02-24 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.
33 CVE-2012-0994 89 Exec Code Sql 2012-02-21 2012-02-21
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
34 CVE-2012-0983 89 1 Exec Code Sql 2012-02-02 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
35 CVE-2012-0982 89 1 Exec Code Sql 2012-02-02 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.
36 CVE-2012-0980 89 1 Exec Code Sql 2012-02-02 2012-02-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.
37 CVE-2012-0935 89 1 Exec Code Sql 2012-01-28 2012-01-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.
38 CVE-2012-0913 89 1 Exec Code Sql 2012-01-24 2012-01-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.
39 CVE-2012-0912 89 Exec Code Sql 2012-01-24 2012-01-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
40 CVE-2012-0906 89 1 Exec Code Sql 2012-01-20 2012-01-23
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
41 CVE-2012-0905 89 1 Exec Code Sql 2012-01-20 2012-02-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
42 CVE-2012-0831 89 Sql 2012-02-10 2012-02-24
7.5
None Remote Low Not required Partial Partial Partial
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and sapi/fpm/fpm/fpm_main.c.
43 CVE-2012-0401 89 Exec Code Sql 2012-03-20 2012-04-17
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
44 CVE-2012-0337 89 Exec Code Sql 2012-05-02 2012-05-11
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
45 CVE-2012-0293 89 Exec Code Sql 2012-03-17 2012-03-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
46 CVE-2012-0244 89 Exec Code Sql 2012-02-21 2012-02-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.
47 CVE-2012-0234 89 Exec Code Sql 2012-02-21 2012-02-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.
48 CVE-2012-0226 89 Exec Code Sql 2012-04-02 2012-04-03
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
49 CVE-2012-0199 89 Exec Code Sql 2012-03-05 2012-03-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file.
50 CVE-2012-0069 89 Exec Code Sql 2012-01-24 2012-01-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.
Total number of vulnerabilities: 67. Page: 1 (this page), 2