Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2015-6910

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-11 Sep, 2015 | 16:00
Updated At-06 Aug, 2024 | 07:36
Rejected At-
Credits

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:11 Sep, 2015 | 16:00
Updated At:06 Aug, 2024 | 07:36
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
x_refsource_CONFIRM
https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
x_refsource_MISC
https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/536427/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://seclists.org/fulldisclosure/2015/Sep/31
mailing-list
x_refsource_FULLDISC
http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
x_refsource_MISC
Hyperlink: https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
Resource:
x_refsource_MISC
Hyperlink: https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/536427/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://seclists.org/fulldisclosure/2015/Sep/31
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
x_refsource_CONFIRM
x_transferred
https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
x_refsource_MISC
x_transferred
https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/536427/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://seclists.org/fulldisclosure/2015/Sep/31
mailing-list
x_refsource_FULLDISC
x_transferred
http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
x_refsource_MISC
x_transferred
Hyperlink: https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/536427/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2015/Sep/31
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Sep, 2015 | 16:59
Updated At:06 May, 2026 | 22:30

SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Synology, Inc.
synology
>>video_station>>Versions up to 1.5-0754(inclusive)
cpe:2.3:a:synology:video_station:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.htmlcve@mitre.org
Exploit
http://seclists.org/fulldisclosure/2015/Sep/31cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/536427/100/0/threadedcve@mitre.org
N/A
https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.htmlcve@mitre.org
Exploit
https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715cve@mitre.org
Vendor Advisory
https://www.synology.com/en-global/support/security/Video_Station_1_5_0757cve@mitre.org
Vendor Advisory
http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
http://seclists.org/fulldisclosure/2015/Sep/31af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/536427/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.htmlaf854a3a-2127-422b-91ae-364da2661108
Exploit
https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.synology.com/en-global/support/security/Video_Station_1_5_0757af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Sep/31
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/536427/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
Source: cve@mitre.org
Resource:
Exploit
Hyperlink: https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/133519/Synology-Video-Station-1.5-0757-Command-Injection-SQL-Injection.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: http://seclists.org/fulldisclosure/2015/Sep/31
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/536427/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.securify.nl/advisory/SFY20150810/synology_video_station_command_injection_and_multiple_sql_injection_vulnerabilities.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Hyperlink: https://www.synology.com/en-global/releaseNote/VideoStation?model=DS715
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: https://www.synology.com/en-global/support/security/Video_Station_1_5_0757
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7559Records found
CVE-2019-11821
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-7.3||HIGH
EPSS-1.71% / 74.39%
||
7 Day CHG~0.00%
Published-30 Jun, 2019 | 15:00
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in synophoto_csPhotoDB.php in Synology Photo Station before 6.8.11-3489 and before 6.3-2977 allows remote attackers to execute arbitrary SQL command via the type parameter.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationPhoto Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43925
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.86% / 53.81%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 02:15
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerDiskStation Manager (DSM)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43927
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.86% / 53.81%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 02:15
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerDiskStation Manager (DSM)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-43926
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.86% / 53.81%
||
7 Day CHG~0.00%
Published-07 Feb, 2022 | 02:15
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerDiskStation Manager (DSM)
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-33180
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-7.3||HIGH
EPSS-0.99% / 58.07%
||
7 Day CHG~0.00%
Published-01 Jun, 2021 | 09:45
Updated-17 Sep, 2024 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-media_serverSynology Media Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-11161
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.24% / 65.32%
||
7 Day CHG~0.00%
Published-08 Sep, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to label.php; or (2) type parameter to synotheme.php.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-6911
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.43% / 82.11%
||
7 Day CHG~0.00%
Published-11 Sep, 2015 | 16:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.

Action-Not Available
Vendor-n/aSynology, Inc.
Product-video_stationn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-8914
Matching Score-10
Assigner-Synology Inc.
ShareView Details
Matching Score-10
Assigner-Synology Inc.
CVSS Score-7.3||HIGH
EPSS-1.31% / 66.96%
||
7 Day CHG~0.00%
Published-10 May, 2018 | 13:00
Updated-16 Sep, 2024 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter.

Action-Not Available
Vendor-Synology, Inc.
Product-media_serverMedia Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-22687
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.28% / 80.93%
||
7 Day CHG~0.00%
Published-25 Mar, 2022 | 06:55
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerdiskstation_manager_unified_controllerDiskStation Manager (DSM)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-27646
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.79% / 88.58%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 06:45
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use After Free vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerSynology DiskStation Manager (DSM)
CWE ID-CWE-416
Use After Free
CVE-2021-27649
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.01% / 78.30%
||
7 Day CHG~0.00%
Published-23 Jun, 2021 | 09:50
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerdiskstation_manager_unified_controllerDiskStation Manager (DSM)
CWE ID-CWE-416
Use After Free
CVE-2013-6987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.89% / 96.27%
||
7 Day CHG~0.00%
Published-31 Dec, 2013 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

Action-Not Available
Vendor-n/aSynology, Inc.
Product-diskstation_managern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-27654
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.62% / 90.50%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 08:55
Updated-17 Sep, 2024 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.

Action-Not Available
Vendor-Synology, Inc.
Product-router_managerSynology Router Manager (SRM)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-27655
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-6.5||MEDIUM
EPSS-1.75% / 74.88%
||
7 Day CHG~0.00%
Published-29 Oct, 2020 | 08:55
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

Action-Not Available
Vendor-Synology, Inc.
Product-router_managerSynology Router Manager (SRM)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27647
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-3.13% / 86.22%
||
7 Day CHG~0.00%
Published-12 Mar, 2021 | 06:35
Updated-14 Jan, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.

Action-Not Available
Vendor-Synology, Inc.
Product-diskstation_managerSynology DiskStation Manager (DSM)
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-14491
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-84.92% / 99.68%
||
7 Day CHG~0.00%
Published-02 Oct, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Action-Not Available
Vendor-thekelleysn/aCanonical Ltd.Siemens AGMicrosoft CorporationopenSUSEHuawei Technologies Co., Ltd.Synology, Inc.NVIDIA CorporationSUSERed Hat, Inc.Aruba NetworksDebian GNU/LinuxArista Networks, Inc.
Product-debian_linuxubuntu_linuxscalance_s615scalance_m-800eoshonor_v9_playenterprise_linux_desktopscalance_w1750d_firmwarelinux_enterprise_debuginfoscalance_w1750ddiskstation_managerlinux_enterprise_serverruggedcom_rm1224_firmwarerouter_managerjetson_tk1enterprise_linux_workstationenterprise_linux_serverscalance_s615_firmwarearubaosgeforce_experiencescalance_m-800_firmwareleapwindowshonor_v9_play_firmwarelinux_for_tegradnsmasqjetson_tx1ruggedcom_rm1224linux_enterprise_point_of_salen/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2017-11151
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-25.25% / 97.66%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-287
Improper Authentication
CVE-2017-11153
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-19.10% / 96.96%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2016-10329
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-40.45% / 98.46%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2019-11829
Matching Score-8
Assigner-Synology Inc.
ShareView Details
Matching Score-8
Assigner-Synology Inc.
CVSS Score-7.3||HIGH
EPSS-2.25% / 80.63%
||
7 Day CHG~0.00%
Published-30 Jun, 2019 | 15:05
Updated-16 Sep, 2024 | 18:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OS command injection vulnerability in drivers_syno_import_user.php in Synology Calendar before 2.3.1-0617 allows remote attackers to execute arbitrary commands via the crafted 'X-Real-IP' header.

Action-Not Available
Vendor-Synology, Inc.
Product-calendarCalendar
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-29235
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:26
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in IOModule.EnumLog webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29090
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-7.2||HIGH
EPSS-1.67% / 73.81%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 02:00
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in PHP component in Synology Photo Station before 6.8.14-3500 allows remote authenticated users to execute arbitrary SQL command via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2021-29089
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.93% / 77.38%
||
7 Day CHG~0.00%
Published-02 Jun, 2021 | 02:15
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in thumbnail component in Synology Photo Station before 6.8.14-3500 allows remote attackers users to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-photo_stationSynology Photo Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-27660
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-9.6||CRITICAL
EPSS-4.55% / 90.37%
||
7 Day CHG~0.00%
Published-30 Nov, 2020 | 09:30
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

Action-Not Available
Vendor-Synology, Inc.
Product-safeaccessSafe Access
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29239
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:28
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Recording.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29227
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:08
Updated-04 Aug, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Layout.LayoutSave webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Stationsurveillance_station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-27613
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-8.3||HIGH
EPSS-0.90% / 54.88%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 06:35
Updated-17 Sep, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in webapi component in Synology CardDAV Server before 6.0.10-0153 allows remote authenticated users to inject SQL commands via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-carddav_serverCardDAV Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29232
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:24
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Alert.Enum webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29230
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:22
Updated-04 Aug, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in SnapShot.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29237
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:27
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in ActionRule.Delete webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29234
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:26
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Group.Save webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29236
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:27
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in AudioPattern.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29233
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:25
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Emap.Delete webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-29238
Matching Score-6
Assigner-Synology Inc.
ShareView Details
Matching Score-6
Assigner-Synology Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.59% / 43.44%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:28
Updated-04 Aug, 2025 | 19:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log.CountByCategory webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 allows remote authenticated users to read database containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-surveillance_stationdiskstation_managerSurveillance Station
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1050
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.43%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.

Action-Not Available
Vendor-alexandre_dubusn/a
Product-audistatn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1013
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.30%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-fr.simon_rundelln/aTYPO3 Association
Product-pd_diocesedatabasetypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0974
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.23%
||
7 Day CHG~0.00%
Published-16 Mar, 2010 | 18:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.

Action-Not Available
Vendor-phpcityportaln/a
Product-phpcityportaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7814
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 31.63%
||
7 Day CHG+0.02%
Published-18 Jul, 2025 | 21:44
Updated-29 Jul, 2025 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Food Ordering Review System signup_function.php sql injection

A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-food_ordering_review_systemFood Ordering Review System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-7833
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.39% / 31.11%
||
7 Day CHG+0.02%
Published-19 Jul, 2025 | 15:44
Updated-29 Jul, 2025 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Church Donation System giving.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/giving.php. The manipulation of the argument Amount leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-carmeloSource Code & Projects
Product-church_donation_systemChurch Donation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1743
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 62.82%
||
7 Day CHG~0.00%
Published-06 May, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-satyadeepn/a
Product-scratchern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.43%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.

Action-Not Available
Vendor-masa2eln/a
Product-music_cityn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1049
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.29%
||
7 Day CHG~0.00%
Published-22 Mar, 2010 | 18:17
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.

Action-Not Available
Vendor-uigan/a
Product-business_portaln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0800
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 62.78%
||
7 Day CHG~0.00%
Published-02 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.

Action-Not Available
Vendor-joomservicesn/aJoomla!
Product-joomla\!com_dmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0951
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 57.23%
||
7 Day CHG~0.00%
Published-09 Mar, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.

Action-Not Available
Vendor-dev4un/a
Product-dev4u_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2017-17583
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.98% / 85.52%
||
7 Day CHG~0.00%
Published-13 Dec, 2017 | 09:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter.

Action-Not Available
Vendor-shutterstock_clone_projectn/a
Product-shutterstock_clonen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-8234
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.47% / 37.08%
||
7 Day CHG~0.00%
Published-27 Jul, 2025 | 15:02
Updated-05 Aug, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Ordering System delete_member.php sql injection

A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-online_ordering_systemOnline Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-0964
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.15% / 62.83%
||
7 Day CHG~0.00%
Published-16 Mar, 2010 | 18:26
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

Action-Not Available
Vendor-media-productsn/a
Product-eros_webkatalogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.36%
||
7 Day CHG~0.00%
Published-19 Mar, 2010 | 18:35
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-jochen_raun/aTYPO3 Association
Product-sk_bookreviewtypo3n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1301
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.63% / 83.52%
||
7 Day CHG~0.00%
Published-07 Apr, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.

Action-Not Available
Vendor-merethisn/a
Product-centreonn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2010-1605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.36%
||
7 Day CHG~0.00%
Published-29 Apr, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-ncryptedn/a
Product-nct_jobs_portal_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 151
  • 152
  • Next
Details not found