Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-2337

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-19 May, 2008 | 10:00
Updated At-07 Aug, 2024 | 08:58
Rejected At-
Credits

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:19 May, 2008 | 10:00
Updated At:07 Aug, 2024 | 08:58
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/42474
vdb-entry
x_refsource_XF
http://www.securityfocus.com/bid/29250
vdb-entry
x_refsource_BID
https://www.exploit-db.com/exploits/5631
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42474
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/bid/29250
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.exploit-db.com/exploits/5631
Resource:
exploit
x_refsource_EXPLOIT-DB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://exchange.xforce.ibmcloud.com/vulnerabilities/42474
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/bid/29250
vdb-entry
x_refsource_BID
x_transferred
https://www.exploit-db.com/exploits/5631
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42474
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/bid/29250
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/5631
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:19 May, 2008 | 13:20
Updated At:29 Sep, 2017 | 01:31

Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
imgallery
imgallery
>>imgallery>>2.5
cpe:2.3:a:imgallery:imgallery:2.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/29250cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/42474cve@mitre.org
N/A
https://www.exploit-db.com/exploits/5631cve@mitre.org
N/A
Hyperlink: http://www.securityfocus.com/bid/29250
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/42474
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/5631
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7286Records found
CVE-2012-0973
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.26% / 84.40%
||
7 Day CHG~0.00%
Published-25 Sep, 2012 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-osclassn/a
Product-osclassn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-1061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.72%
||
7 Day CHG~0.00%
Published-14 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-gforgegroupn/a
Product-gforgen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.68%
||
7 Day CHG~0.00%
Published-24 May, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to write_ok.php.

Action-Not Available
Vendor-grboardn/a
Product-grboardn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5230
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.61% / 81.53%
||
7 Day CHG-0.30%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member.

Action-Not Available
Vendor-seotoastern/a
Product-seotoastern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5103
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 59.07%
||
7 Day CHG~0.00%
Published-23 Aug, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Action-Not Available
Vendor-aluriann/a
Product-prismotube_video_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5201
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.94%
||
7 Day CHG~0.00%
Published-23 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-steveyolamn/a
Product-tinyguestbookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-0224
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 66.56%
||
7 Day CHG~0.00%
Published-28 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aIBM Corporation
Product-marketing_platformn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11115
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.13%
||
7 Day CHG-0.00%
Published-28 Sep, 2025 | 18:32
Updated-23 Oct, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Simple Scheduling System addtime.php sql injection

A vulnerability has been found in code-projects Simple Scheduling System 1.0. Affected by this issue is some unknown functionality of the file /addtime.php. The manipulation of the argument starttime/endtime leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Fabian RosSource Code & Projects
Product-simple_scheduling_systemSimple Scheduling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5139
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.43%
||
7 Day CHG~0.00%
Published-31 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-preprojectsn/a
Product-business_cards_designern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5022
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-29 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

Action-Not Available
Vendor-pliggn/a
Product-pligg_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-0069
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.94%
||
7 Day CHG~0.00%
Published-24 Jan, 2012 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.

Action-Not Available
Vendor-batavin/a
Product-batavin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.48%
||
7 Day CHG~0.00%
Published-02 Dec, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-n/aAutomattic Inc.WordPress.org
Product-jetpackwordpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11476
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.37%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 13:32
Updated-09 Oct, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple E-Commerce Bookstore index.php sql injection

A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument login_username leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-simple_e-commerce_bookstoreSimple E-Commerce Bookstore
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.85% / 74.62%
||
7 Day CHG+0.38%
Published-02 Dec, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.

Action-Not Available
Vendor-validn/a
Product-tiny-erpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000271
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server.

Action-Not Available
Vendor-dthdevelopmentn/a
Product-dt_registern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 64.81%
||
7 Day CHG-0.12%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-troyefn/aWordPress.org
Product-scorm_cloudwordpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10967
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.23%
||
7 Day CHG~0.00%
Published-25 Sep, 2025 | 20:02
Updated-26 Sep, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MuFen-mker PHP-Usermm chkuser.php sql injection

A vulnerability was detected in MuFen-mker PHP-Usermm up to 37f2d24e51b04346dfc565b93fc2fc6b37bdaea9. This affects an unknown part of the file /chkuser.php. Performing manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-MuFen-mker
Product-PHP-Usermm
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.40%
||
7 Day CHG~0.00%
Published-31 Aug, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.

Action-Not Available
Vendor-diy-cmsn/a
Product-diy-cmsblogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4949
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.84% / 74.44%
||
7 Day CHG~0.00%
Published-31 Aug, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-egroupwaren/a
Product-egroupware_enterprise_lineegroupwaren/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4829
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.45%
||
7 Day CHG~0.00%
Published-15 Dec, 2011 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.

Action-Not Available
Vendor-barter-sitesn/aJoomla!
Product-joomla\!com_listingn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4725
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.

Action-Not Available
Vendor-n/aParallels International GmbhRed Hat, Inc.Microsoft Corporation
Product-enterprise_linuxwindowsparallels_plesk_paneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5262
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.39% / 59.98%
||
7 Day CHG~0.00%
Published-12 Feb, 2013 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-aventail_sra_ex_virtual_applianceaventail_sra_ex7000aventail_sra_ex9000aventail_sra_ex6000n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5286
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.74% / 82.29%
||
7 Day CHG~0.00%
Published-01 Jan, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter.

Action-Not Available
Vendor-social_slider_projectn/a
Product-social_slidern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5213
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.33% / 79.75%
||
7 Day CHG-0.97%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php.

Action-Not Available
Vendor-browsercrmn/a
Product-browsercrmn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-0036
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.54% / 90.99%
||
7 Day CHG~0.00%
Published-13 Apr, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

Action-Not Available
Vendor-n/aCURL
Product-curllibcurln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4638
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.29% / 52.44%
||
7 Day CHG~0.00%
Published-08 Oct, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php.

Action-Not Available
Vendor-spamtitann/a
Product-webtitann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5266
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.68%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 22:43
Updated-07 Aug, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass.

Action-Not Available
Vendor-impervan/a
Product-securesphere_web_application_firewalln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4960
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.46% / 64.11%
||
7 Day CHG~0.00%
Published-17 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSilverstripe
Product-silverstripen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-3549
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-9.1||CRITICAL
EPSS-31.01% / 96.66%
||
7 Day CHG~0.00%
Published-24 Apr, 2017 | 19:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-scriptingScripting
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.27% / 50.32%
||
7 Day CHG~0.00%
Published-08 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.

Action-Not Available
Vendor-lucidcrewgetpixien/a
Product-pixien/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 54.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-parallels_plesk_small_business_paneln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5224
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.95%
||
7 Day CHG-0.14%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-trioniclabsn/aWordPress.org
Product-sentinelwordpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.49% / 65.11%
||
7 Day CHG~0.00%
Published-08 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in signature.php in Advanced Forum Signatures plugin (aka afsignatures) 2.0.4 for MyBB allows remote attackers to execute arbitrary SQL commands via the afs_bar_right parameter.

Action-Not Available
Vendor-advanced_forum_signatures_projectn/a
Product-advanced_forum_signaturesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5215
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.36% / 57.96%
||
7 Day CHG-0.16%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-2daybizn/a
Product-video_community_portal_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.17% / 38.06%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.

Action-Not Available
Vendor-n/aParallels International GmbhMicrosoft Corporation
Product-windows_server_2008parallels_plesk_panelwindows_2003_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5112
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.56% / 67.84%
||
7 Day CHG~0.00%
Published-23 Aug, 2012 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.

Action-Not Available
Vendor-blueflyingfishn/aJoomla!
Product-joomla\!com_alamedan/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 76.75%
||
7 Day CHG~0.00%
Published-20 Sep, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.

Action-Not Available
Vendor-bioinformaticsn/a
Product-ordersysn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-0710
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-79.22% / 99.05%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the User Manager service in Apache Jetspeed before 2.3.1 allow remote attackers to execute arbitrary SQL commands via the (1) role or (2) user parameter to services/usermanager/users/.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-jetspeedn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5200
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 55.99%
||
7 Day CHG~0.00%
Published-23 Sep, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.

Action-Not Available
Vendor-n/aDedeCMS
Product-dedecmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.37% / 58.63%
||
7 Day CHG~0.00%
Published-02 Dec, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

Action-Not Available
Vendor-n/aZABBIX
Product-zabbixn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5203
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.58% / 68.72%
||
7 Day CHG~0.00%
Published-04 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-akivan/a
Product-webboardn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.52% / 66.48%
||
7 Day CHG+0.23%
Published-29 Jan, 2012 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-sitrackern/a
Product-support_incident_trackern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.83% / 82.69%
||
7 Day CHG+0.23%
Published-25 Oct, 2012 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter.

Action-Not Available
Vendor-scripte24shopn/a
Product-php_flirt-projektn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 54.37%
||
7 Day CHG+0.16%
Published-29 Jan, 2012 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unlock, (5) lock, or (6) selected parameter to holding_queue.php; inc parameter in a report action to (7) report_customers.php or (8) report_incidents_by_site.php; (9) start parameter to search.php; or (10) sites parameter to transactions.php.

Action-Not Available
Vendor-sitrackern/a
Product-support_incident_trackern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4671
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.38% / 58.80%
||
7 Day CHG~0.00%
Published-02 Dec, 2011 | 18:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

Action-Not Available
Vendor-adrotatepluginn/aWordPress.org
Product-wordpressadrotaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5038
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.20%
||
7 Day CHG~0.00%
Published-30 Dec, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-hitcoden/a
Product-hitappointn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5076
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.41% / 61.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2012 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-hudongn/a
Product-hdwikin/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-4801
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 84.02%
||
7 Day CHG~0.00%
Published-14 Dec, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Action-Not Available
Vendor-authenexn/a
Product-authenex_strong_authentication_system_servern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-2925
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.35% / 57.15%
||
7 Day CHG~0.00%
Published-30 Jul, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.

Action-Not Available
Vendor-openfreewayn/a
Product-freewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-5020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 49.68%
||
7 Day CHG~0.00%
Published-10 Jan, 2020 | 18:13
Updated-07 Aug, 2024 | 00:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.

Action-Not Available
Vendor-online_tv_database_projectn/a
Product-online_tv_databasen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 8
  • 9
  • 10
  • ...
  • 145
  • 146
  • Next
Details not found