SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.10%
Published
2014-12-08
Updated
2017-09-08
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2014-12-08
Updated
2017-09-08
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2014-12-08
Updated
2014-12-09
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.17%
Published
2014-12-08
Updated
2014-12-09
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.63%
Published
2014-12-19
Updated
2015-04-18
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to index.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.11%
Published
2014-12-31
Updated
2015-01-03
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2014-12-03
Updated
2014-12-05
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register action.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.13%
Published
2014-12-03
Updated
2014-12-05
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote attackers to execute arbitrary SQL commands via the id[] parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.15%
Published
2014-12-03
Updated
2020-06-03
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.14%
Published
2014-12-03
Updated
2014-12-05
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.php or (2) user.php or the (3) location_id parameter to photos.php in php/.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.12%
Published
2014-12-03
Updated
2014-12-05
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2014-12-03
Updated
2018-10-30
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2014-12-05
Updated
2018-10-09
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.82%
Published
2014-12-02
Updated
2018-10-09
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2014-12-02
Updated
2017-09-08
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2014-12-02
Updated
2017-09-08
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.11%
Published
2014-12-23
Updated
2014-12-23
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.18%
Published
2014-11-26
Updated
2014-12-05
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php or (2) remote authenticated users to execute arbitrary SQL commands via the playlistId parameter in the newplaylist page or (3) videoId parameter in a newvideo page to wp-admin/admin.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.22%
Published
2014-11-26
Updated
2014-11-28
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.38%
Published
2014-11-26
Updated
2014-11-28
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.09%
Published
2014-11-26
Updated
2017-11-08
Multiple SQL injection vulnerabilities in view_all_bug_page.php in MantisBT before 1.2.18 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to view_all_set.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
1.28%
Published
2014-11-28
Updated
2017-01-03
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.12%
Published
2014-12-16
Updated
2015-11-17
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search action to index.php.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.17%
Published
2014-11-20
Updated
2017-09-08
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.15%
Published
2014-11-20
Updated
2014-11-24
304 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!