CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2014(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2014-8295 89 1 Exec Code Sql 2014-10-15 2014-10-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
52 CVE-2014-8294 89 Exec Code Sql 2014-10-15 2014-10-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
53 CVE-2014-8248 89 Exec Code Sql 2014-12-16 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote authenticated users to execute arbitrary SQL commands via a crafted query.
54 CVE-2014-7981 89 Exec Code Sql 2014-10-08 2014-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
55 CVE-2014-7959 89 Exec Code Sql 2014-11-06 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter.
56 CVE-2014-7871 89 Exec Code Sql 2014-11-21 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.
57 CVE-2014-7868 89 Exec Code Sql 2014-12-04 2019-07-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) OPM_BVNAME parameter in a Delete operation to the APMBVHandler servlet or (2) query parameter in a compare operation to the DataComparisonServlet servlet.
58 CVE-2014-7867 89 Exec Code Sql 2014-12-04 2019-07-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the com.manageengine.opmanager.servlet.UpdateProbeUpgradeStatus servlet in ZOHO ManageEngine OpManager 11.3 and 11.4, IT360 10.3 and 10.4, and Social IT Plus 11.0 allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the probeName parameter.
59 CVE-2014-7201 89 Exec Code Sql 2014-10-10 2014-10-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
60 CVE-2014-7176 89 1 Exec Code Sql 2014-11-04 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
61 CVE-2014-7153 89 Exec Code Sql 2014-09-22 2014-09-22
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
62 CVE-2014-7137 89 Exec Code Sql 2014-11-21 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4) lineid parameter in a deletecontact action, (5) ligne parameter in a swapstatut action, or (6) ref parameter to projet/contact.php; (7) id parameter to compta/bank/fiche.php, (8) contact/info.php, (9) holiday/index.php, (10) product/stock/fiche.php, (11) product/stock/info.php, or (12) in an edit action to product/stock/fiche.php; (13) productid parameter in an addline action to product/stock/massstockmove.php; (14) project_ref parameter to projet/tasks/note.php; (15) ref parameter to element.php, (16) ganttview.php, (17) note.php, or (18) tasks.php in projet/; (19) sall or (20) sref parameter to comm/mailing/liste.php; (21) search_bon, (22) search_ligne, (23) search_societe, or (24) search_code parameter to compta/prelevement/liste.php; (25) search_label parameter to compta/sociales/index.php; (26) search_project parameter to projet/tasks/index.php; (27) search_societe parameter to compta/prelevement/demandes.php; (28) search_statut parameter to user/index.php; (29) socid parameter to compta/recap-compta.php, (30) societe/commerciaux.php, or (31) societe/rib.php; (32) sortorder, (33) sref, (34) sall, or (35) sortfield parameter to product/stock/liste.php; (36) statut parameter to adherents/liste.php or (37) compta/dons/liste.php; (38) tobuy or (39) tosell parameter to product/liste.php; (40) tobuy, (41) tosell, (42) search_categ, or (43) sref parameter to product/reassort.php; (44) type parameter to product/index.php; or the (a) sortorder or (b) sortfield parameter to (45) compta/paiement/cheque/liste.php, (46) compta/prelevement/bons.php, (47) compta/prelevement/rejets.php, (48) product/stats/commande.php, (49) product/stats/commande_fournisseur.php, (50) product/stats/contrat.php, (51) product/stats/facture.php, (52) product/stats/facture_fournisseur.php, (53) product/stats/propal.php, or (54) product/stock/replenishorders.php.
63 CVE-2014-6295 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
64 CVE-2014-6293 89 Exec Code Sql 2014-10-03 2014-10-06
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
65 CVE-2014-6242 89 1 Exec Code Sql CSRF 2014-10-02 2018-10-09
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the All In One WP Security & Firewall plugin before 3.8.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby or (2) order parameter in the aiowpsec page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
66 CVE-2014-6241 89 Exec Code Sql 2014-09-11 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
67 CVE-2014-6239 89 Exec Code Sql 2014-09-11 2014-09-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
68 CVE-2014-6233 89 Exec Code Sql 2014-09-11 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
69 CVE-2014-6080 89 Exec Code Sql 2014-12-18 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
70 CVE-2014-6030 89 Exec Code Sql 2014-11-06 2014-11-06
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
71 CVE-2014-5521 89 1 Exec Code Sql 2014-09-02 2014-09-03
6.5
None Remote Low Single system Partial Partial Partial
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
72 CVE-2014-5520 89 1 Exec Code Sql 2014-10-26 2014-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
73 CVE-2014-5503 89 Exec Code Sql 2014-10-07 2014-10-08
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
74 CVE-2014-5462 89 Exec Code Sql 2014-12-08 2018-08-23
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
75 CVE-2014-5458 89 Exec Code Sql 2014-08-25 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
76 CVE-2014-5440 89 Exec Code Sql 2014-09-12 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Login.aspx in MPEX Business Solutions MX-SmartTimer before 13.19.18 allows remote attackers to execute arbitrary SQL commands via the ct100%24CPHContent%24password parameter.
77 CVE-2014-5399 89 Exec Code Sql 2014-08-27 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
78 CVE-2014-5389 89 Exec Code Sql 2014-10-06 2015-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in content-audit-schedule.php in the Content Audit plugin before 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "Audited content types" option in the content-audit page to wp-admin/options-general.php.
79 CVE-2014-5387 89 Exec Code Sql 2014-11-04 2015-09-08
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php.
80 CVE-2014-5383 89 Exec Code Sql 2014-08-21 2015-09-08
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
81 CVE-2014-5308 89 1 Exec Code Sql 2014-10-08 2014-10-09
9.0
None Remote Low Single system Complete Complete Complete
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
82 CVE-2014-5275 89 1 Exec Code Sql 2014-10-20 2017-09-07
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
83 CVE-2014-5262 89 Exec Code Sql 2014-08-22 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
84 CVE-2014-5249 89 Exec Code Sql 2014-08-14 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
85 CVE-2014-5201 89 Exec Code Sql 2014-08-12 2015-09-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
86 CVE-2014-5200 89 Exec Code Sql 2014-08-12 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
87 CVE-2014-5192 89 1 Exec Code Sql 2014-08-07 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
88 CVE-2014-5189 89 Exec Code Sql 2014-08-07 2017-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
89 CVE-2014-5186 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit action in the allvideogallery_videos page to wp-admin/admin.php.
90 CVE-2014-5185 89 Exec Code Sql 2014-08-06 2014-08-07
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
91 CVE-2014-5184 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story parameter in an edit action to wp-admin/admin.php.
92 CVE-2014-5183 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL commands via the targetmenu parameter in an edit action to wp-admin/admin.php.
93 CVE-2014-5182 89 Exec Code Sql 2014-08-06 2014-08-07
6.0
None Remote Medium Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
94 CVE-2014-5180 89 Exec Code Sql 2014-08-06 2014-08-07
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the edit action to wp-admin/admin.php.
95 CVE-2014-5159 89 Exec Code Sql 2014-08-21 2014-08-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ossim-framework service in AlienVault OSSIM before 4.6.0 allows remote attackers to execute arbitrary SQL commands via the ws_data parameter.
96 CVE-2014-5109 89 Exec Code Sql 2014-07-28 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
97 CVE-2014-5104 89 Exec Code Sql 2014-07-28 2014-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
98 CVE-2014-5102 89 Exec Code Sql 2014-07-25 2015-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
99 CVE-2014-5097 89 Exec Code Sql 2014-08-22 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
100 CVE-2014-5089 89 Exec Code Sql 2014-08-06 2014-08-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
Total number of vulnerabilities : 305   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.