CVE-2012-3951

Public exploit
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.
Max CVSS: 7.5
EPSS Score: 77.01%
Published: 2012-07-31
Updated: 2018-03-12

CVE-2012-2962

Public exploit
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.
Max CVSS: 6.5
EPSS Score: 97.47%
Published: 2012-07-30
Updated: 2018-03-12

Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
Max CVSS: 7.5
EPSS Score: 0.09%
Published: 2012-12-23
Updated: 2012-12-24

SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
Max CVSS: 7.5
EPSS Score: 0.13%
Published: 2012-11-26
Updated: 2012-11-27

SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
Max CVSS: 6.5
EPSS Score: 0.13%
Published: 2012-12-19
Updated: 2019-07-29

Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.
Max CVSS: 7.5
EPSS Score: 0.26%
Published: 2012-11-17
Updated: 2017-08-29

SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
Max CVSS: 6.5
EPSS Score: 0.26%
Published: 2012-11-17
Updated: 2017-08-29

SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
Max CVSS: 7.5
EPSS Score: 0.08%
Published: 2012-11-17
Updated: 2017-08-29

Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
Max CVSS: 7.5
EPSS Score: 1.96%
Published: 2012-11-17
Updated: 2013-01-15

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
Max CVSS: 7.5
EPSS Score: 0.21%
Published: 2012-11-17
Updated: 2017-08-29

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.
Max CVSS: 7.5
EPSS Score: 0.58%
Published: 2012-11-23
Updated: 2017-08-29

SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5
EPSS Score: 0.15%
Published: 2012-12-26
Updated: 2013-02-26

SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Max CVSS: 7.5
EPSS Score: 0.12%
Published: 2012-12-03
Updated: 2012-12-04

SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
Max CVSS: 6.5
EPSS Score: 0.16%
Published: 2012-10-22
Updated: 2013-04-11

Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
Max CVSS: 6.0
EPSS Score: 0.09%
Published: 2012-12-03
Updated: 2017-08-29

SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
Max CVSS: 6.0
EPSS Score: 0.34%
Published: 2012-10-09
Updated: 2017-08-29

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
Max CVSS: 6.8
EPSS Score: 0.08%
Published: 2012-10-09
Updated: 2017-08-29

Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
Max CVSS: 7.5
EPSS Score: 0.10%
Published: 2012-10-09
Updated: 2017-08-29

SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
Max CVSS: 7.5
EPSS Score: 1.34%
Published: 2012-10-08
Updated: 2017-08-29

SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS: 7.5
EPSS Score: 1.34%
Published: 2012-10-08
Updated: 2017-08-29

Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
Max CVSS: 6.5
EPSS Score: 0.09%
Published: 2012-10-08
Updated: 2013-01-31

Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
Max CVSS: 6.5
EPSS Score: 0.16%
Published: 2012-10-08
Updated: 2017-08-29

SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.
Max CVSS: 7.5
EPSS Score: 0.25%
Published: 2012-10-08
Updated: 2012-10-24

SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
Max CVSS: 7.5
EPSS Score: 0.07%
Published: 2012-10-08
Updated: 2017-08-29

SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
Max CVSS: 7.5
EPSS Score: 0.08%
Published: 2012-10-08
Updated: 2017-08-29

240 vulnerabilities found