CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2015(SQL Injection) (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-1372 89 Exec Code Sql 2015-01-27 2015-01-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.
2 CVE-2015-1369 89 Exec Code Sql 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
3 CVE-2015-1367 89 Exec Code Sql 2015-01-27 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter.
4 CVE-2015-1364 89 1 Exec Code Sql 2015-01-27 2015-01-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
5 CVE-2015-1310 89 Exec Code Sql 2015-01-22 2018-12-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
6 CVE-2015-1055 89 Exec Code Sql 2015-01-16 2019-07-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php.
7 CVE-2015-0919 89 Exec Code Sql 2015-01-08 2015-01-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
8 CVE-2014-100031 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
9 CVE-2014-100022 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php.
10 CVE-2014-100020 89 1 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
11 CVE-2014-100019 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2014-100011 89 1 Exec Code Sql 2015-01-13 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote attackers to execute arbitrary SQL commands via the c parameter.
13 CVE-2014-100003 89 Exec Code Sql 2015-01-13 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
14 CVE-2014-10038 89 1 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
15 CVE-2014-10029 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and 1.5.x before 1.5.7 allows remote attackers to execute arbitrary SQL commands via the req_new_email parameter.
16 CVE-2014-10023 89 1 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
17 CVE-2014-10020 89 1 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
18 CVE-2014-10017 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php.
19 CVE-2014-10015 89 Exec Code Sql 2015-01-13 2015-01-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
20 CVE-2014-10013 89 1 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
21 CVE-2014-10004 89 Exec Code Sql 2015-01-13 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
22 CVE-2014-9560 89 Exec Code Sql 2015-01-15 2015-01-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in redir_last_post_list.php in SoftBB 0.1.3 allows remote attackers to execute arbitrary SQL commands via the post parameter.
23 CVE-2014-9528 89 1 Exec Code Sql XSS 2015-01-06 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
24 CVE-2014-9520 89 Exec Code Sql 2015-01-05 2015-01-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
25 CVE-2014-9519 89 Exec Code Sql 2015-01-05 2015-01-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
26 CVE-2014-9464 89 Exec Code Sql 2015-01-03 2015-01-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
27 CVE-2014-9455 89 Exec Code Sql 2015-01-02 2015-01-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
28 CVE-2014-9450 89 Exec Code Sql 2015-01-02 2015-01-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.
29 CVE-2014-9445 89 1 Exec Code Sql XSS 2015-01-02 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
30 CVE-2014-9440 89 1 Exec Code Sql 2015-01-02 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
31 CVE-2014-8083 89 Exec Code Sql 2015-01-05 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action.
32 CVE-2014-2839 89 Exec Code Sql 2015-01-12 2018-03-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administrators to execute arbitrary SQL commands via the s parameter in the gd-star-rating-stats page to wp-admin/admin.php.
33 CVE-2012-5853 89 Exec Code Sql 2015-01-07 2015-01-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php.
34 CVE-2011-5313 89 Exec Code Sql 2015-01-01 2015-01-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program.
35 CVE-2011-5308 89 Exec Code Sql 2015-01-01 2015-03-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter.
36 CVE-2010-5317 89 Exec Code Sql 2015-01-03 2015-01-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the post parameter in a show_comment action, (3) the sys-name parameter in an rssfeed action, or (4) the sys-name parameter in a view action.
Total number of vulnerabilities : 36   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.