Export limit exceeded: 18810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (18810 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2314 | 1 Wpml | 1 Wpml | 2025-04-12 | N/A |
| SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax action to comments/feed. | ||||
| CVE-2015-7299 | 1 Nintex | 3 K2 Blackpearl, K2 For Sharepoint, K2 Smartforms | 2025-04-12 | N/A |
| SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | ||||
| CVE-2015-2292 | 1 Yoast | 1 Wordpress Seo | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. | ||||
| CVE-2015-2242 | 1 Webshophun | 1 Webshop Hun | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | ||||
| CVE-2015-2237 | 1 Betster Project | 1 Betster | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php or (3) username parameter in a login to index.php. | ||||
| CVE-2015-7297 | 1 Joomla | 1 Joomla\! | 2025-04-12 | N/A |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858. | ||||
| CVE-2015-2216 | 1 Photocati Media | 1 Photocrati | 2025-04-12 | N/A |
| SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | ||||
| CVE-2015-7239 | 1 Sap | 1 Netweaver J2ee Engine | 2025-04-12 | N/A |
| SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2015-7235 | 1 Cp Reservation Calender Project | 1 Cp Reservation Calender | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI. | ||||
| CVE-2015-6962 | 1 Teiko | 1 Farol | 2025-04-12 | N/A |
| SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php. | ||||
| CVE-2011-3197 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-12 | N/A |
| SQL injection vulnerability in Domain Technologie Control (DTC) before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the addrlink parameter to shared/inc/forms/domain_info.php. NOTE: CVE-2011-3197 has been SPLIT due to findings by different researchers. CVE-2011-5272 has been assigned for the vps_note parameter to dtcadmin/logPushlet.php vector. | ||||
| CVE-2015-2213 | 1 Wordpress | 1 Wordpress | 2025-04-12 | N/A |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. | ||||
| CVE-2015-2183 | 1 Zeuscart | 1 Zeuscart | 2025-04-12 | N/A |
| Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. | ||||
| CVE-2015-6943 | 1 S9y | 1 Serendipity | 2025-04-12 | N/A |
| SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php. | ||||
| CVE-2015-6915 | 1 Montala | 1 Resourcespace | 2025-04-12 | N/A |
| SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.php. | ||||
| CVE-2015-2102 | 1 Clip-bucket | 1 Clipbucket | 2025-04-12 | N/A |
| SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | ||||
| CVE-2015-2090 | 1 Sympies | 1 Wordpress Survey And Poll | 2025-04-12 | N/A |
| SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-2070 | 1 Etouch | 1 Samepage | 2025-04-12 | N/A |
| SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | ||||
| CVE-2015-2066 | 1 Dlguard | 1 Dlguard | 2025-04-12 | N/A |
| SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | ||||
| CVE-2015-6911 | 1 Synology | 1 Video Station | 2025-04-12 | N/A |
| SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. | ||||