Export limit exceeded: 19557 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19557 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-9288 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In framework/modules/navigation/controllers/navigationController.php in Exponent CMS v2.4.0 or older, the parameter "target" of function "DragnDropReRank" is directly used without any filtration which caused SQL injection. The payload can be used like this: /navigation/DragnDropReRank/target/1. | ||||
| CVE-2014-4307 | 1 Webtitan | 1 Webtitan | 2025-04-12 | N/A |
| SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. | ||||
| CVE-2015-2866 | 1 Grandstream | 2 Gxv3611 Hd, Gxv3611 Hd Firmware | 2025-04-12 | N/A |
| SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET session with a crafted username. | ||||
| CVE-2015-1364 | 1 Freereprintables | 1 Articlefr | 2025-04-12 | N/A |
| SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/. | ||||
| CVE-2014-3996 | 1 Manageengine | 3 Desktop Central, It360, Password Manager Pro | 2025-04-12 | N/A |
| SQL injection vulnerability in the LinkViewFetchServlet servlet in ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90043, Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7 build 7003, IT360 and IT360 Managed Service Providers (MSP) edition before 10.3.3 build 10330, and possibly other ManageEngine products, allows remote attackers or remote authenticated users to execute arbitrary SQL commands via the sv parameter to LinkViewFetchServlet.dat. | ||||
| CVE-2015-1367 | 1 Catbot Project | 1 Catbot | 2025-04-12 | N/A |
| SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | ||||
| CVE-2015-1369 | 1 Sequelize Project | 1 Sequelize | 2025-04-12 | N/A |
| SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter. | ||||
| CVE-2015-1372 | 1 Ferretcms Project | 1 Ferretcms | 2025-04-12 | N/A |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | ||||
| CVE-2015-1393 | 1 10web | 1 Photo Gallery | 2025-04-12 | N/A |
| SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php. | ||||
| CVE-2015-1397 | 1 Magento | 1 Magento | 2025-04-12 | N/A |
| SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote administrators to execute arbitrary SQL commands via the popularity[field_expr] parameter when the popularity[from] or popularity[to] parameter is set. | ||||
| CVE-2015-2216 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | ||||
| CVE-2015-2237 | 1 Betster Project | 1 Betster | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. | ||||
| CVE-2014-2008 | 1 Mpay24 Project | 1 Mpay24 | 2025-04-12 | N/A |
| SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. | ||||
| CVE-2014-1945 | 1 Opendocman | 1 Opendocman | 2025-04-12 | N/A |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter. | ||||
| CVE-2015-4342 | 2 Cacti, Fedoraproject | 2 Cacti, Fedora | 2025-04-12 | N/A |
| SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | ||||
| CVE-2015-4348 | 1 Spider Contacts Project | 1 Spider Contacts | 2025-04-12 | N/A |
| SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-4426 | 1 Pimcore | 1 Pimcore | 2025-04-12 | N/A |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | ||||
| CVE-2013-2945 | 1 B2evolution | 1 B2evolution | 2025-04-12 | N/A |
| SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. | ||||
| CVE-2015-5148 | 1 Livelycart | 1 Livelycart | 2025-04-12 | N/A |
| SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search. | ||||
| CVE-2015-5308 | 1 Wp-championship Project | 1 Wp-championship | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | ||||