Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-0432

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Mar, 2011 | 19:00
Updated At-16 Sep, 2024 | 17:18
Rejected At-
Credits

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Mar, 2011 | 19:00
Updated At:16 Sep, 2024 | 17:18
Rejected At:
▼CVE Numbering Authority (CNA)

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2011/dsa-2177
vendor-advisory
x_refsource_DEBIAN
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
vendor-advisory
x_refsource_FEDORA
http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
x_refsource_CONFIRM
http://secunia.com/advisories/43602
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/43571
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0553
vdb-entry
x_refsource_VUPEN
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
vendor-advisory
x_refsource_FEDORA
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/43703
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2011/0554
vdb-entry
x_refsource_VUPEN
http://www.vupen.com/english/advisories/2011/0634
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/bid/46655
vdb-entry
x_refsource_BID
http://code.google.com/p/pywebdav/updates/list
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=677718
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2011/dsa-2177
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/43602
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/43571
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0553
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/43703
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2011/0554
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vupen.com/english/advisories/2011/0634
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/bid/46655
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://code.google.com/p/pywebdav/updates/list
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=677718
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2011/dsa-2177
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/43602
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/43571
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0553
vdb-entry
x_refsource_VUPEN
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/43703
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2011/0554
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vupen.com/english/advisories/2011/0634
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/bid/46655
vdb-entry
x_refsource_BID
x_transferred
http://code.google.com/p/pywebdav/updates/list
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=677718
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2177
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/43602
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/43571
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0553
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/43703
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0554
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2011/0634
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/bid/46655
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://code.google.com/p/pywebdav/updates/list
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=677718
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Mar, 2011 | 19:55
Updated At:11 Apr, 2025 | 00:51

Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
simon_pamies
simon_pamies
>>pywebdav>>Versions up to 0.9.4(inclusive)
cpe:2.3:a:simon_pamies:pywebdav:*:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.3
cpe:2.3:a:simon_pamies:pywebdav:0.3:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.5
cpe:2.3:a:simon_pamies:pywebdav:0.5:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.5.1
cpe:2.3:a:simon_pamies:pywebdav:0.5.1:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.6
cpe:2.3:a:simon_pamies:pywebdav:0.6:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.7
cpe:2.3:a:simon_pamies:pywebdav:0.7:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.8
cpe:2.3:a:simon_pamies:pywebdav:0.8:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.9.1
cpe:2.3:a:simon_pamies:pywebdav:0.9.1:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.9.2
cpe:2.3:a:simon_pamies:pywebdav:0.9.2:*:*:*:*:*:*:*
simon_pamies
simon_pamies
>>pywebdav>>0.9.3
cpe:2.3:a:simon_pamies:pywebdav:0.9.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://code.google.com/p/pywebdav/updates/listcve@mitre.org
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.htmlcve@mitre.org
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.htmlcve@mitre.org
N/A
http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gzcve@mitre.org
Patch
http://secunia.com/advisories/43571cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43602cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/43703cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2011/dsa-2177cve@mitre.org
N/A
http://www.securityfocus.com/bid/46655cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2011/0553cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0554cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0634cve@mitre.org
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=677718cve@mitre.org
N/A
http://code.google.com/p/pywebdav/updates/listaf854a3a-2127-422b-91ae-364da2661108
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gzaf854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/43571af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43602af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/43703af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2011/dsa-2177af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/46655af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2011/0553af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0554af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vupen.com/english/advisories/2011/0634af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=677718af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://code.google.com/p/pywebdav/updates/list
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://secunia.com/advisories/43571
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43602
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43703
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2177
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46655
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0553
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0554
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0634
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=677718
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://code.google.com/p/pywebdav/updates/list
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055412.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055413.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055444.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://pywebdav.googlecode.com/files/PyWebDAV-0.9.4.1.tar.gz
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/43571
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43602
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/43703
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2177
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/46655
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2011/0553
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0554
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2011/0634
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=677718
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

7285Records found
CVE-2008-0918
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 5.57%
||
7 Day CHG~0.00%
Published-22 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-astatsn/aJoomla!
Product-astatsprocom_astatspron/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0831
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.28%
||
7 Day CHG~0.00%
Published-20 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.

Action-Not Available
Vendor-n/aJoomla!
Product-rapid_recipen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1039
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.40%
||
7 Day CHG~0.00%
Published-27 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.

Action-Not Available
Vendor-porarn/a
Product-webboardn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0328
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 21:07
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-fascriptn/a
Product-fanamen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-5624
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 75.29%
||
7 Day CHG~0.00%
Published-28 Aug, 2020 | 04:05
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the XooNIps 3.48 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-rikenNeuroinformatics Unit, Integrative Computational Brain Science Collaboration Division, RIKEN Center for Brain Science
Product-xoonipsXooNIps
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 65.06%
||
7 Day CHG~0.00%
Published-24 Oct, 2008 | 10:00
Updated-07 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-tufatn/a
Product-mycardn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-6137
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.8||CRITICAL
EPSS-0.72% / 72.21%
||
7 Day CHG~0.00%
Published-01 Sep, 2020 | 20:03
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-os4edn/a
Product-opensisOS4Ed
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0256
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.40%
||
7 Day CHG~0.00%
Published-15 Jan, 2008 | 19:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

Action-Not Available
Vendor-matteo_bindan/a
Product-asp_photo_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0607
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.81%
||
7 Day CHG~0.00%
Published-06 Feb, 2008 | 11:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-sigsiu.netn/aJoomla!MamboServer
Product-com_sobi2sobi2n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8327
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 17:32
Updated-05 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission delete_s8.php sql injection

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s8.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4958
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.10% / 28.23%
||
7 Day CHG~0.00%
Published-27 Jul, 2010 | 18:39
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.

Action-Not Available
Vendor-emophpn/a
Product-emo_breeder_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0750
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.71% / 71.96%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

Action-Not Available
Vendor-husrevn/a
Product-blackboardn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0832
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.28%
||
7 Day CHG~0.00%
Published-20 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-kemas_antonius_com_qurann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000217
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.40% / 93.47%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zotpress plugin for WordPress SQLi in zp_get_account()

Action-Not Available
Vendor-zotpress_projectn/a
Product-zotpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0514
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-31 Jan, 2008 | 19:30
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-glossaryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0719
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 01:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.

Action-Not Available
Vendor-oscommercen/a
Product-customer_testimonialsoscommercen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7930
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.54%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 16:02
Updated-29 Jul, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Church Donation System add_members.php sql injection

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /members/add_members.php. The manipulation of the argument mobile leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-church_donation_systemChurch Donation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8272
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG-0.00%
Published-28 Jul, 2025 | 10:32
Updated-30 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_fst.php sql injection

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_fst.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8332
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 20:32
Updated-05 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Farm System register.php sql injection

A vulnerability was found in code-projects Online Farm System 1.0. It has been classified as critical. Affected is an unknown function of the file /register.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_farm_systemOnline Farm System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0801
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-15 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.

Action-Not Available
Vendor-paxxgalleryn/aJoomla!MamboServer
Product-com_paxxgalleryjoomla\!mambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8809
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.03%
||
7 Day CHG~0.00%
Published-10 Aug, 2025 | 12:32
Updated-13 Aug, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Medicine Guide addelidetails.php sql injection

A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_medicine_guideOnline Medicine Guide
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0385
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.72%
||
7 Day CHG~0.00%
Published-29 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

Action-Not Available
Vendor-urulun/a
Product-urulun/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0746
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.68%
||
7 Day CHG~0.00%
Published-13 Feb, 2008 | 19:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8239
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.54%
||
7 Day CHG-0.00%
Published-27 Jul, 2025 | 19:02
Updated-05 Aug, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission admin sql injection

A vulnerability classified as critical was found in code-projects Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000123
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.45% / 90.93%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla

Action-Not Available
Vendor-huge-itn/a
Product-video_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8271
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG-0.00%
Published-28 Jul, 2025 | 10:02
Updated-30 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission delete_s3.php sql injection

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_s3.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2016-1000124
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.27% / 84.44%
||
7 Day CHG~0.00%
Published-06 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6

Action-Not Available
Vendor-huge-itn/a
Product-portfolio_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8969
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 7.69%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 16:32
Updated-18 Aug, 2025 | 14:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Tour and Travel Management System approve_user.php sql injection

A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/approve_user.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kITSourceCode
Product-online_tour_\&_travel_management_systemOnline Tour and Travel Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-1220
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.52%
||
7 Day CHG~0.00%
Published-10 Mar, 2008 | 17:00
Updated-07 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-phpnuken/a
Product-4nchatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.32% / 55.06%
||
7 Day CHG~0.00%
Published-22 Oct, 2009 | 17:00
Updated-07 Aug, 2024 | 06:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.

Action-Not Available
Vendor-opialn/a
Product-opialn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8237
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.54%
||
7 Day CHG-0.00%
Published-27 Jul, 2025 | 18:02
Updated-05 Aug, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s1.php sql injection

A vulnerability was found in code-projects Exam Form Submission 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/update_s1.php. The manipulation of the argument credits leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-3934
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.80%
||
7 Day CHG~0.00%
Published-11 Feb, 2020 | 08:00
Updated-17 Sep, 2024 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
TAIWAN SECOM CO., LTD. - Pre-auth SQL Injection

TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance Management system, contains a vulnerability of Pre-auth SQL Injection, allowing attackers to inject a specific SQL command.

Action-Not Available
Vendor-secomTAIWAN SECOM CO., LTD.
Product-dr.id_access_controldr.id_attendance_systemDoor Access Control systemPersonnel Attendance system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0326
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.46% / 63.96%
||
7 Day CHG~0.00%
Published-17 Jan, 2008 | 21:07
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

Action-Not Available
Vendor-fascriptn/a
Product-fapersianhackn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0839
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.83%
||
7 Day CHG~0.00%
Published-20 Feb, 2008 | 21:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-astatsn/aJoomla!
Product-astatsprocom_astatspron/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0291
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 75.22%
||
7 Day CHG~0.00%
Published-16 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Action-Not Available
Vendor-hangzhou_rui-qiangn/a
Product-richstrong_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8441
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 07:32
Updated-05 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Medicine Guide pharsignup.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /pharsignup.php. The manipulation of the argument phuname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_medicine_guideOnline Medicine Guide
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9313
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.55% / 67.56%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 14:53
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The newstatpress plugin before 1.0.5 for WordPress has SQL injection related to an IMG element.

Action-Not Available
Vendor-newstatpress_projectn/a
Product-newstatpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9334
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.61% / 69.61%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 19:45
Updated-06 Aug, 2024 | 08:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The email-newsletter plugin through 20.15 for WordPress has SQL injection.

Action-Not Available
Vendor-email-newsletter_projectn/a
Product-email-newslettern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8371
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-31 Jul, 2025 | 07:02
Updated-05 Aug, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission update_s5.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_s5.php. The manipulation of the argument credits leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0363
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.59% / 68.85%
||
7 Day CHG~0.00%
Published-18 Jan, 2008 | 21:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.

Action-Not Available
Vendor-clever_copyn/a
Product-clever_copyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-3644
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.11% / 29.66%
||
7 Day CHG~0.00%
Published-09 Oct, 2009 | 14:18
Updated-16 Sep, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.

Action-Not Available
Vendor-soundsetn/aJoomla!
Product-joomla\!com_soundsetn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0686
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.02% / 4.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2008 | 00:00
Updated-07 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Action-Not Available
Vendor-n/aJoomla!MamboServer
Product-com_neoreferencesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0282
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.40%
||
7 Day CHG~0.00%
Published-15 Jan, 2008 | 20:00
Updated-07 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.

Action-Not Available
Vendor-domphpn/a
Product-domphpn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8468
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-02 Aug, 2025 | 14:32
Updated-05 Aug, 2025 | 18:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Wazifa System reset.php sql injection

A vulnerability was found in code-projects Wazifa System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /controllers/reset.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-wazifa_systemWazifa System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0939
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.63% / 81.70%
||
7 Day CHG~0.00%
Published-25 Feb, 2008 | 20:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-n/aWordPress.org
Product-photo_album_pluginn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 70.98%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 16:04
Updated-06 Aug, 2024 | 08:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.

Action-Not Available
Vendor-k-78n/a
Product-broken_link_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-0916
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.54% / 67.40%
||
7 Day CHG~0.00%
Published-22 Feb, 2008 | 23:00
Updated-07 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.

Action-Not Available
Vendor-highwood_designn/a
Product-hwdvideosharen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8331
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 9.03%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 20:02
Updated-05 Aug, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Farm System forgot_pass.php sql injection

A vulnerability was found in code-projects Online Farm System 1.0 and classified as critical. This issue affects some unknown processing of the file /forgot_pass.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-anishaSource Code & Projects
Product-online_farm_systemOnline Farm System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-4084
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 60.20%
||
7 Day CHG~0.00%
Published-27 Nov, 2009 | 20:45
Updated-07 Aug, 2024 | 06:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-e107n/a
Product-e107n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8251
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.46%
||
7 Day CHG-0.00%
Published-28 Jul, 2025 | 01:32
Updated-30 Jul, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Exam Form Submission delete_s4.php sql injection

A vulnerability has been found in code-projects Exam Form Submission 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s4.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-exam_form_submissionExam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 27
  • 28
  • 29
  • ...
  • 145
  • 146
  • Next
Details not found