Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-1650

Summary
Assigner-symantec
Assigner Org ID-80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At-18 Jun, 2014 | 19:00
Updated At-06 Aug, 2024 | 09:50
Rejected At-
Credits

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:symantec
Assigner Org ID:80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At:18 Jun, 2014 | 19:00
Updated At:06 Aug, 2024 | 09:50
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1030443
vdb-entry
x_refsource_SECTRACK
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
x_refsource_CONFIRM
http://www.securityfocus.com/bid/67753
vdb-entry
x_refsource_BID
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1030443
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/67753
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.securitytracker.com/id/1030443
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/67753
vdb-entry
x_refsource_BID
x_transferred
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1030443
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/67753
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@symantec.com
Published At:18 Jun, 2014 | 19:55
Updated At:06 May, 2026 | 22:30

SQL injection vulnerability in user.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.2MEDIUM
AV:A/AC:L/Au:S/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 5.2
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
CPE Matches

Symantec Corporation
symantec
>>web_gateway>>Versions up to 5.2(inclusive)
cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://www.securityfocus.com/bid/67753secure@symantec.com
N/A
http://www.securitytracker.com/id/1030443secure@symantec.com
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00secure@symantec.com
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00secure@symantec.com
Vendor Advisory
http://www.securityfocus.com/bid/67753af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1030443af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67753
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030443
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Source: secure@symantec.com
Resource:
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/67753
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1030443
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

232Records found

CVE-2017-15527
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.8||MEDIUM
EPSS-1.09% / 61.49%
||
7 Day CHG~0.00%
Published-20 Nov, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior to ITMS 8.1 RU4, the Symantec Management Console can be susceptible to a directory traversal exploit, which is a type of attack that can occur when there is insufficient security validation / sanitization of user-supplied input file names, such that characters representing "traverse to parent directory" are passed through to the file APIs.

Action-Not Available
Vendor-Symantec Corporation
Product-management_consoleSymantec Management Console
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-5240
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-8||HIGH
EPSS-1.10% / 61.56%
||
7 Day CHG~0.00%
Published-25 Jul, 2018 | 16:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Inventory Plugin for Symantec Management Agent prior to 7.6 POST HF7, 8.0 POST HF6, or 8.1 RU7 may be susceptible to a privilege escalation vulnerability, which is a type of issue that allows a user to gain elevated access to resources that are normally protected at lower access levels.

Action-Not Available
Vendor-Symantec Corporation
Product-inventoryInventory Plugin for Symantec Management Agent
CVE-2017-6323
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-8||HIGH
EPSS-0.52% / 40.39%
||
7 Day CHG~0.00%
Published-16 Apr, 2018 | 18:00
Updated-16 Sep, 2024 | 23:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Symantec Management Console prior to ITMS 8.1 RU1, ITMS 8.0_POST_HF6, and ITMS 7.6_POST_HF7 has an issue whereby XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Action-Not Available
Vendor-Symantec Corporation
Product-management_consoleITMS
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2017-15526
Matching Score-8
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-8
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 25.20%
||
7 Day CHG~0.00%
Published-13 Nov, 2017 | 22:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a null pointer de-reference issue, which can result in a NullPointerException that can lead to a privilege escalation scenario.

Action-Not Available
Vendor-Symantec Corporation
Product-endpoint_encryptionSymantec Endpoint Encryption
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2013-5012
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.5||MEDIUM
EPSS-1.52% / 71.43%
||
7 Day CHG~0.00%
Published-11 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-4178
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.24% / 65.45%
||
7 Day CHG~0.00%
Published-07 Aug, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-2961
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-2.46% / 82.44%
||
7 Day CHG~0.00%
Published-23 Jul, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-0293
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.26% / 66.12%
||
7 Day CHG~0.00%
Published-17 Mar, 2012 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-altiris_wise_package_studion/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-0553
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.85% / 76.59%
||
7 Day CHG~0.00%
Published-02 Oct, 2011 | 01:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-im_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-0549
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.24% / 80.66%
||
7 Day CHG~0.00%
Published-11 Jul, 2011 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0112
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.82% / 92.25%
||
7 Day CHG~0.00%
Published-28 Oct, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and SQL statements contained within a certain report file; (2) unspecified parameters in a DetailReportGroup (aka DetailReportGroup.lgx) action to rdpageimlogic.aspx; the (3) selclause, (4) whereTrendTimeClause, (5) TrendTypeForReport, (6) whereProtocolClause, or (7) groupClause parameter in a SummaryReportGroup (aka SummaryReportGroup.lgx) action to rdpageimlogic.aspx; the (8) loginTimeStamp, (9) dbo, (10) dateDiffParam, or (11) whereClause parameter in a LoggedInUsers (aka LoggedInUSers.lgx) action to (a) rdpageimlogic.aspx or (b) rdPage.aspx; the (12) selclause, (13) whereTrendTimeClause, (14) TrendTypeForReport, (15) whereProtocolClause, or (16) groupClause parameter to rdpageimlogic.aspx; (17) the groupList parameter to IMAdminReportTrendFormRun.asp; or (18) the email parameter to IMAdminScheduleReport.asp.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-im_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0115
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.36% / 81.73%
||
7 Day CHG~0.00%
Published-14 Jan, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gateway_applianceweb_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-2286
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-32.68% / 98.13%
||
7 Day CHG~0.00%
Published-18 May, 2008 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-altiris_deployment_solutionn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-8153
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-8.8||HIGH
EPSS-3.08% / 86.07%
||
7 Day CHG~0.00%
Published-18 Mar, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-6548
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.8||MEDIUM
EPSS-1.80% / 75.84%
||
7 Day CHG~0.00%
Published-20 Sep, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-1491
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6||MEDIUM
EPSS-1.62% / 73.16%
||
7 Day CHG~0.00%
Published-01 Aug, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1651
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.8||MEDIUM
EPSS-1.98% / 78.07%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 19:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-1645
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.5||HIGH
EPSS-1.41% / 69.43%
||
7 Day CHG+0.01%
Published-29 Mar, 2014 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-liveupdate_administratorn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-9229
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.5||MEDIUM
EPSS-1.72% / 74.75%
||
7 Day CHG~0.00%
Published-20 Sep, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protectionn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-7289
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.5||MEDIUM
EPSS-4.55% / 90.44%
||
7 Day CHG~0.00%
Published-21 Jan, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

Action-Not Available
Vendor-n/aSymantec CorporationBroadcom Inc.
Product-symantec_critical_system_protectiondata_center_securityn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-5015
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.5||MEDIUM
EPSS-28.76% / 97.91%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1.4023.4080, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managerprotection_centern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-1617
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-7.4||HIGH
EPSS-7.35% / 93.65%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayweb_gateway_appliance_8450web_gateway_appliance_8490n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-1613
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.7||MEDIUM
EPSS-1.46% / 70.40%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-security_information_manager_appliancesecurity_information_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2012-2574
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-7.5||HIGH
EPSS-1.23% / 65.26%
||
7 Day CHG~0.00%
Published-23 Jul, 2012 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125065
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.56%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 19:39
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
john5223 bottle-auth sql injection

A vulnerability, which was classified as critical, was found in john5223 bottle-auth. Affected is an unknown function. The manipulation leads to sql injection. The name of the patch is 99cfbcc0c1429096e3479744223ffb4fda276875. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217632.

Action-Not Available
Vendor-bottle-auth_projectjohn5223
Product-bottle-authbottle-auth
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125052
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.35%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 20:40
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JervenBolleman sparql-identifiers RegistryDao.java sql injection

A vulnerability was found in JervenBolleman sparql-identifiers and classified as critical. This issue affects some unknown processing of the file src/main/java/org/identifiers/db/RegistryDao.java. The manipulation leads to sql injection. The patch is named 44bb0db91c064e305b192fc73521d1dfd25bde52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217571.

Action-Not Available
Vendor-sparql-identifiers_projectJervenBolleman
Product-sparql-identifierssparql-identifiers
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125083
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 46.75%
||
7 Day CHG~0.00%
Published-19 Jan, 2023 | 09:22
Updated-15 Oct, 2024 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Anant Labs google-enterprise-connector-dctm sql injection

A vulnerability has been found in Anant Labs google-enterprise-connector-dctm up to 3.2.3 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username/domain leads to sql injection. The patch is named 6fba04f18ab7764002a1da308e7cd9712b501cb7. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218911.

Action-Not Available
Vendor-anantAnant Labs
Product-google-enterprise-connector-dctmgoogle-enterprise-connector-dctm
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125079
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.97%
||
7 Day CHG~0.00%
Published-15 Jan, 2023 | 08:58
Updated-08 Apr, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
agy pontifex.http Http.coffee sql injection

A vulnerability was found in agy pontifex.http. It has been declared as critical. This vulnerability affects unknown code of the file lib/Http.coffee. The manipulation leads to sql injection. Upgrading to version 0.1.0 is able to address this issue. The name of the patch is e52a758f96861dcef2dabfecb9da191bb2e07761. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218356.

Action-Not Available
Vendor-pontifex.http_projectagy
Product-pontifex.httppontifex.http
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125058
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.71% / 48.94%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 10:10
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LearnMeSomeCodes project3 search.rb search_first_name sql injection

A vulnerability was found in LearnMeSomeCodes project3 and classified as critical. This issue affects the function search_first_name of the file search.rb. The manipulation leads to sql injection. The patch is named d3efa17ae9f6b2fc25a6bbcf165cefed17c7035e. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217607. NOTE: Maintainer is aware of this issue as remarked in the source code.

Action-Not Available
Vendor-address_book_projectLearnMeSomeCodes
Product-address_bookproject3
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125046
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.35%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 09:53
Updated-10 Apr, 2025 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Seiji42 cub-scout-tracker databaseAccessFunctions.js sql injection

A vulnerability, which was classified as critical, was found in Seiji42 cub-scout-tracker. This affects an unknown part of the file databaseAccessFunctions.js. The manipulation leads to sql injection. The patch is named b4bc1a328b1f59437db159f9d136d9ed15707e31. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217551.

Action-Not Available
Vendor-cub-scout-tracker_projectSeiji42
Product-cub-scout-trackercub-scout-tracker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125040
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 13:02
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
stevejagodzinski DevNewsAggregator RemoteHtmlContentDataAccess.php getByName sql injection

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to sql injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.

Action-Not Available
Vendor-devnewsaggregator_projectstevejagodzinski
Product-devnewsaggregatorDevNewsAggregator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125074
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.61% / 44.74%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 14:53
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Nayshlok Voyager DatabaseAccess.java sql injection

A vulnerability was found in Nayshlok Voyager. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Voyager/src/models/DatabaseAccess.java. The manipulation leads to sql injection. The identifier of the patch is f1249f438cd8c39e7ef2f6c8f2ab76b239a02fae. It is recommended to apply a patch to fix this issue. The identifier VDB-218005 was assigned to this vulnerability.

Action-Not Available
Vendor-voyager_projectNayshlok
Product-voyagerVoyager
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125047
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.64% / 46.35%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 11:59
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
tbezman school-store sql injection

A vulnerability classified as critical has been found in tbezman school-store. This affects an unknown part. The manipulation leads to sql injection. The identifier of the patch is 2957fc97054216d3a393f1775efd01ae2b072001. It is recommended to apply a patch to fix this issue. The identifier VDB-217557 was assigned to this vulnerability.

Action-Not Available
Vendor-school-store_projecttbezman
Product-school-storeschool-store
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125082
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 47.02%
||
7 Day CHG~0.00%
Published-17 Jan, 2023 | 23:58
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
nivit redports model.py sql injection

A vulnerability was found in nivit redports. It has been declared as critical. This vulnerability affects unknown code of the file redports-trac/redports/model.py. The manipulation leads to sql injection. The name of the patch is fc2c1ea1b8d795094abb15ac73cab90830534e04. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218464.

Action-Not Available
Vendor-redports_projectnivit
Product-redportsredports
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125038
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.94%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 17:18
Updated-25 Nov, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IS_Projecto2 NewsBean.java sql injection

A vulnerability has been found in IS_Projecto2 and classified as critical. This vulnerability affects unknown code of the file Cnn-EJB/ejbModule/ejbs/NewsBean.java. The manipulation of the argument date leads to sql injection. The name of the patch is aa128b2c9c9fdcbbf5ecd82c1e92103573017fe0. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217192.

Action-Not Available
Vendor-is_projecto2_projectn/a
Product-is_projecto2IS_Projecto2
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125076
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.65% / 46.75%
||
7 Day CHG~0.00%
Published-11 Jan, 2023 | 18:20
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NoxxieNl Criminals roulette.php sql injection

A vulnerability was found in NoxxieNl Criminals. It has been classified as critical. Affected is an unknown function of the file ingame/roulette.php. The manipulation of the argument gambleMoney leads to sql injection. The patch is identified as 0a60b31271d4cbf8babe4be993d2a3a1617f0897. It is recommended to apply a patch to fix this issue. VDB-218022 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-criminals_projectNoxxieNl
Product-criminalsCriminals
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125072
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.75% / 50.38%
||
7 Day CHG~0.00%
Published-09 Jan, 2023 | 21:12
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CherishSin klattr sql injection

A vulnerability classified as critical has been found in CherishSin klattr. This affects an unknown part. The manipulation leads to sql injection. The patch is named f8e4ecfbb83aef577011b0b4aebe96fb6ec557f1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217719.

Action-Not Available
Vendor-klattr_projectCherishSin
Product-klattrklattr
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125050
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 48.17%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 16:15
Updated-25 Nov, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ScottTZhang voter-js main.js sql injection

A vulnerability was found in ScottTZhang voter-js and classified as critical. Affected by this issue is some unknown functionality of the file main.js. The manipulation leads to sql injection. The patch is identified as 6317c67a56061aeeaeed3cf9ec665fd9983d8044. It is recommended to apply a patch to fix this issue. VDB-217562 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-voter-js_projectScottTZhang
Product-voter-jsvoter-js
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125041
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 47.01%
||
7 Day CHG~0.00%
Published-05 Jan, 2023 | 14:30
Updated-27 May, 2025 | 19:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Miccighel PR-CWT sql injection

A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to sql injection. The patch is identified as e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-progetto-complementi_projectMiccighel
Product-progetto-complementiPR-CWT
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125049
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.71% / 49.12%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 12:29
Updated-06 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
typcn Blogile server.js getNav sql injection

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in typcn Blogile. Affected is the function getNav of the file server.js. The manipulation of the argument query leads to sql injection. The name of the patch is cfec31043b562ffefe29fe01af6d3c5ed1bf8f7d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217560. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-blogile_projecttypcn
Product-blogileBlogile
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125063
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.56%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 18:37
Updated-15 Oct, 2024 | 17:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ada-l0velace Bid sql injection

A vulnerability was found in ada-l0velace Bid and classified as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The identifier of the patch is abd71140b8219fa8741d0d8a57ab27d5bfd34222. It is recommended to apply a patch to fix this issue. The identifier VDB-217625 was assigned to this vulnerability.

Action-Not Available
Vendor-bid_projectada-l0velace
Product-bidBid
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125051
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.69% / 48.17%
||
7 Day CHG~0.00%
Published-06 Jan, 2023 | 16:20
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
himiklab yii2-jqgrid-widget JqGridAction.php addSearchOptionsRecursively sql injection

A vulnerability was found in himiklab yii2-jqgrid-widget up to 1.0.7. It has been declared as critical. This vulnerability affects the function addSearchOptionsRecursively of the file JqGridAction.php. The manipulation leads to sql injection. Upgrading to version 1.0.8 is able to address this issue. The name of the patch is a117e0f2df729e3ff726968794d9a5ac40e660b9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217564.

Action-Not Available
Vendor-yii2-jqgrid-widget_projecthimiklab
Product-yii2-jqgrid-widgetyii2-jqgrid-widget
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125073
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.56%
||
7 Day CHG~0.00%
Published-10 Jan, 2023 | 15:45
Updated-25 Nov, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mapoor voteapp app.py show_refresh sql injection

A vulnerability was found in mapoor voteapp. It has been rated as critical. Affected by this issue is the function create_poll/do_poll/show_poll/show_refresh of the file app.py. The manipulation leads to sql injection. The patch is identified as b290c21a0d8bcdbd55db860afd3cadec97388e72. It is recommended to apply a patch to fix this issue. VDB-217790 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-voteapp_projectmapoor
Product-voteappvoteapp
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125086
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.67% / 47.61%
||
7 Day CHG~0.00%
Published-06 Feb, 2023 | 03:57
Updated-25 Mar, 2025 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimmie Plugin trigger_login.php sql injection

A vulnerability has been found in Gimmie Plugin 1.2.2 on vBulletin and classified as critical. Affected by this vulnerability is an unknown functionality of the file trigger_login.php. The manipulation of the argument userid leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is named fe851002d20a8d6196a5abb68bafec4102964d5b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220207.

Action-Not Available
Vendor-gimmie_projectn/a
Product-gimmieGimmie Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125084
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 45.29%
||
7 Day CHG~0.00%
Published-05 Feb, 2023 | 23:57
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimmie Plugin trigger_referral.php sql injection

A vulnerability, which was classified as critical, has been found in Gimmie Plugin 1.2.2 on vBulletin. This issue affects some unknown processing of the file trigger_referral.php. The manipulation of the argument referrername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The identifier of the patch is 7194a09353dd24a274678383a4418f2fd3fce6f7. It is recommended to upgrade the affected component. The identifier VDB-220205 was assigned to this vulnerability.

Action-Not Available
Vendor-gimmie_projectn/a
Product-gimmieGimmie Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125085
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.62% / 45.29%
||
7 Day CHG~0.00%
Published-05 Feb, 2023 | 23:57
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gimmie Plugin trigger_ratethread.php sql injection

A vulnerability, which was classified as critical, was found in Gimmie Plugin 1.2.2 on vBulletin. Affected is an unknown function of the file trigger_ratethread.php. The manipulation of the argument t/postusername leads to sql injection. Upgrading to version 1.3.0 is able to address this issue. The patch is identified as f11a136e9cbd24997354965178728dc22a2aa2ed. It is recommended to upgrade the affected component. VDB-220206 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-gimmie_projectn/a
Product-gimmieGimmie Plugin
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125032
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.93%
||
7 Day CHG~0.00%
Published-02 Jan, 2023 | 07:50
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
porpeeranut go-with-me add.php sql injection

A vulnerability was found in porpeeranut go-with-me. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file module/frontend/add.php. The manipulation leads to sql injection. The identifier of the patch is b92451e4f9e85e26cf493c95ea0a69e354c35df9. It is recommended to apply a patch to fix this issue. The identifier VDB-217177 was assigned to this vulnerability.

Action-Not Available
Vendor-go-with-me_projectporpeeranut
Product-go-with-mego-with-me
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2014-125029
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.82% / 52.71%
||
7 Day CHG~0.00%
Published-07 Jan, 2023 | 21:34
Updated-06 Aug, 2024 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ttskch PaginationServiceProvider Demo index.php sql injection

A vulnerability was found in ttskch PaginationServiceProvider up to 0.x. It has been declared as critical. This vulnerability affects unknown code of the file demo/index.php of the component demo. The manipulation of the argument sort/id leads to sql injection. Upgrading to version 1.0.0 is able to address this issue. The patch is identified as 619de478efce17ece1a3b913ab16e40651e1ea7b. It is recommended to upgrade the affected component. VDB-217150 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-paginationserviceprovider_projectttskch
Product-paginationserviceproviderPaginationServiceProvider
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-10016
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.98%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 19:57
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fanzila WebFinance save_taxes.php sql injection

A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055.

Action-Not Available
Vendor-webfinance_projectfanzila
Product-webfinanceWebFinance
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2013-10015
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.66% / 46.98%
||
7 Day CHG~0.00%
Published-03 Feb, 2023 | 19:57
Updated-06 Aug, 2024 | 18:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
fanzila WebFinance save_Contract_Signer_Role.php sql injection

A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The patch is identified as abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-webfinance_projectfanzila
Product-webfinanceWebFinance
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found