Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-5050

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Jan, 2012 | 19:00
Updated At-07 Aug, 2024 | 00:23
Rejected At-
Credits

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Jan, 2012 | 19:00
Updated At:07 Aug, 2024 | 00:23
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/47304
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/77986
vdb-entry
x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
vdb-entry
x_refsource_XF
http://www.vulnerability-lab.com/get_content.php?id=60
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/47304
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/77986
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.vulnerability-lab.com/get_content.php?id=60
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://secunia.com/advisories/47304
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/77986
vdb-entry
x_refsource_OSVDB
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
vdb-entry
x_refsource_XF
x_transferred
http://www.vulnerability-lab.com/get_content.php?id=60
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/47304
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/77986
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.vulnerability-lab.com/get_content.php?id=60
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Jan, 2012 | 19:55
Updated At:29 Apr, 2026 | 01:13

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches

elitecore
elitecore
>>cyberoam_unified_threat_management>>Versions up to 10.01.0(inclusive)
cpe:2.3:h:elitecore:cyberoam_unified_threat_management:*:build0739:*:*:*:*:*:*
elitecore
elitecore
>>cyberoam_unified_threat_management>>10.00
cpe:2.3:h:elitecore:cyberoam_unified_threat_management:10.00:build0309:*:*:*:*:*:*
elitecore
elitecore
>>cyberoam_unified_threat_management>>10.01
cpe:2.3:h:elitecore:cyberoam_unified_threat_management:10.01:build0667:*:*:*:*:*:*
elitecore
elitecore
>>cyberoam_unified_threat_management>>cr300i
cpe:2.3:h:elitecore:cyberoam_unified_threat_management:cr300i:10:*:*:*:*:*:*
elitecore
elitecore
>>cyberoam_unified_threat_management>>cr500i
cpe:2.3:h:elitecore:cyberoam_unified_threat_management:cr500i:10:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://osvdb.org/77986cve@mitre.org
N/A
http://secunia.com/advisories/47304cve@mitre.org
Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=60cve@mitre.org
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/71920cve@mitre.org
N/A
http://osvdb.org/77986af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/47304af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.vulnerability-lab.com/get_content.php?id=60af854a3a-2127-422b-91ae-364da2661108
Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/71920af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://osvdb.org/77986
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/47304
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vulnerability-lab.com/get_content.php?id=60
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://osvdb.org/77986
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/47304
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.vulnerability-lab.com/get_content.php?id=60
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/71920
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

76Records found

CVE-2014-5185
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-1.94% / 77.70%
||
7 Day CHG~0.00%
Published-06 Aug, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.

Action-Not Available
Vendor-quartz_plugin_projectn/a
Product-quartz_pluginn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-5182
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-2.27% / 80.91%
||
7 Day CHG~0.00%
Published-06 Aug, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.

Action-Not Available
Vendor-ostentan/a
Product-yawppn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-3783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-1.67% / 73.87%
||
7 Day CHG~0.00%
Published-22 May, 2014 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.

Action-Not Available
Vendor-dotclearn/a
Product-dotclearn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.86% / 54.23%
||
7 Day CHG~0.00%
Published-13 Sep, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

Action-Not Available
Vendor-extensiondepotn/aJoomla!
Product-com_jsupportjoomla\!n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-5044
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.98% / 57.99%
||
7 Day CHG~0.00%
Published-02 Nov, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-kanichn/aJoomla!
Product-joomla\!com_searchlogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-4751
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.82% / 52.88%
||
7 Day CHG~0.00%
Published-01 Mar, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.

Action-Not Available
Vendor-lightneasyn/a
Product-lightneasyn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-1258
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.4||HIGH
EPSS-0.94% / 56.48%
||
7 Day CHG+0.03%
Published-14 Apr, 2022 | 13:50
Updated-02 Aug, 2024 | 23:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in McAfee Agent's ePO extension

A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.

Action-Not Available
Vendor-McAfee, LLC
Product-agentMcAfee Agent ePO extension
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.82% / 52.65%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 17:09
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.

Action-Not Available
Vendor-bioscriptsn/a
Product-minitwittern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2019-14937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.40% / 69.27%
||
7 Day CHG~0.00%
Published-17 Aug, 2019 | 16:15
Updated-05 Aug, 2024 | 00:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

REDCap before 9.3.0 allows time-based SQL injection in the edit calendar event via the cal_id parameter, such as cal_id=55 and sleep(3) to Calendar/calendar_popup_ajax.php. The attacker can obtain a user's login sessionid from the database, and then re-login into REDCap to compromise all data.

Action-Not Available
Vendor-vanderbiltn/a
Product-redcapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1810
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.89% / 54.84%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 16:24
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.

Action-Not Available
Vendor-collectorn/a
Product-mycolexn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1812
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.89% / 54.84%
||
7 Day CHG~0.00%
Published-29 May, 2009 | 16:24
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.

Action-Not Available
Vendor-collectorn/a
Product-mygesuadn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2034
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.82% / 52.65%
||
7 Day CHG~0.00%
Published-12 Jun, 2009 | 17:28
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter.

Action-Not Available
Vendor-ricardo_alexandre_de_oliveira_staudtn/a
Product-yogurtn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-6577
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.97% / 57.42%
||
7 Day CHG~0.00%
Published-27 Jun, 2013 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-typoheadsn/aTYPO3 Association
Product-formhandlertypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-41971
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-1.71% / 74.55%
||
7 Day CHG~0.00%
Published-18 Oct, 2021 | 14:30
Updated-04 Aug, 2024 | 03:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Possible SQL Injection when template processing is enabled

Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection when a malicious authenticated user sends an http request with a custom URL.

Action-Not Available
Vendor-The Apache Software Foundation
Product-supersetApache Superset
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-37197
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.8||HIGH
EPSS-0.82% / 52.64%
||
7 Day CHG~0.00%
Published-11 Jan, 2022 | 11:27
Updated-04 Aug, 2024 | 01:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.

Action-Not Available
Vendor-Siemens AG
Product-comosCOMOS V10.3COMOS V10.2COMOS V10.4
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6725
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.95% / 57.00%
||
7 Day CHG~0.00%
Published-17 Apr, 2009 | 10:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.

Action-Not Available
Vendor-cmscoutn/a
Product-cmscoutn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-5350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-2.38% / 81.88%
||
7 Day CHG~0.00%
Published-09 Oct, 2012 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

Action-Not Available
Vendor-n/aWordPress.org
Product-pay-with-tweetwordpressn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-4338
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-1.09% / 61.48%
||
7 Day CHG~0.00%
Published-30 Sep, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.

Action-Not Available
Vendor-vacilandan/a
Product-brilliant_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-3887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.93% / 56.28%
||
7 Day CHG~0.00%
Published-02 Sep, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.

Action-Not Available
Vendor-dotprojectn/a
Product-dotprojectn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-10915
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.5||HIGH
EPSS-5.15% / 91.41%
||
7 Day CHG~0.00%
Published-09 Aug, 2018 | 20:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untrusted input, attackers could bypass client-side connection security features, obtain access to higher privileged connections or potentially cause other impact through SQL injection, by causing the PQescape() functions to malfunction. Postgresql versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 are affected.

Action-Not Available
Vendor-The PostgreSQL Global Development GroupDebian GNU/LinuxCanonical Ltd.Red Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxvirtualizationdebian_linuxenterprise_linux_server_eusenterprise_linux_workstationopenstackpostgresqlenterprise_linux_desktoppostgresql
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-665
Improper Initialization
CVE-2008-0278
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-1.64% / 73.41%
||
7 Day CHG~0.00%
Published-15 Jan, 2008 | 19:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.

Action-Not Available
Vendor-x7_groupn/a
Product-x7_chatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-27644
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-8.8||HIGH
EPSS-1.86% / 76.69%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 09:15
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DolphinScheduler mysql jdbc connector parameters deserialize remote code execution

In Apache DolphinScheduler before 1.3.6 versions, authorized users can use SQL injection in the data source center. (Only applicable to MySQL data source with internal login account password)

Action-Not Available
Vendor-The Apache Software Foundation
Product-dolphinschedulerApache DolphinScheduler
CWE ID-CWE-264
Not Available
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24345
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.6||MEDIUM
EPSS-1.34% / 67.84%
||
7 Day CHG~0.00%
Published-14 Jun, 2021 | 13:37
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection

The page lists-management feature of the Sendit WP Newsletter WordPress plugin through 2.5.1, available to Administrator users does not sanitise, validate or escape the id_lista POST parameter before using it in SQL statement, therefore leading to Blind SQL Injection.

Action-Not Available
Vendor-sendit_projectUnknown
Product-senditSendit WP Newsletter
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-24877
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-1.24% / 65.51%
||
7 Day CHG~0.00%
Published-23 Nov, 2021 | 19:16
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
MainWP Child < 4.1.8 - Admin+ SQL Injection

The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users such as admin when the Backup and Staging by WP Time Capsule plugin is installed

Action-Not Available
Vendor-mainwpUnknown
Product-mainwp_childMainWP Child - Securely connects sites to the MainWP WordPress Manager Dashboard
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-24617
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-1.50% / 71.08%
||
7 Day CHG~0.00%
Published-19 Feb, 2021 | 22:48
Updated-04 Aug, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.

Action-Not Available
Vendor-mailtrainn/a
Product-mailtrainn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.89% / 54.98%
||
7 Day CHG~0.00%
Published-07 Jul, 2020 | 19:39
Updated-04 Aug, 2024 | 13:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Usage of other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12.

Action-Not Available
Vendor-connectwisen/a
Product-connectwise_automaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found