Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.
Max CVSS
7.5
EPSS Score
0.10%
Published
2011-12-30
Updated
2017-08-29
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-30
Updated
2017-08-29
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.11%
Published
2011-12-29
Updated
2017-08-29
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.
Max CVSS
7.5
EPSS Score
0.11%
Published
2011-12-29
Updated
2011-12-29
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-12-16
Updated
2017-08-29
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.
Max CVSS
7.5
EPSS Score
0.21%
Published
2011-12-15
Updated
2018-10-09
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2011-12-15
Updated
2011-12-15
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
0.14%
Published
2011-12-15
Updated
2012-02-09
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.
Max CVSS
7.5
EPSS Score
0.37%
Published
2011-12-15
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2011-12-15
Updated
2012-02-09
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-14
Updated
2012-02-10
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-14
Updated
2012-02-10
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-12-14
Updated
2012-03-05
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php.
Max CVSS
6.5
EPSS Score
0.19%
Published
2011-12-14
Updated
2023-02-02
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Max CVSS
7.5
EPSS Score
0.12%
Published
2011-12-14
Updated
2013-08-18
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-16
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-16
Updated
2017-08-29
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-16
Updated
2019-04-22
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.
Max CVSS
7.5
EPSS Score
0.13%
Published
2011-12-16
Updated
2019-04-22
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.
Max CVSS
7.5
EPSS Score
0.11%
Published
2011-12-08
Updated
2021-03-29
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-12-02
Updated
2017-08-29
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2011-12-02
Updated
2017-08-29
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php.
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-12-02
Updated
2018-10-09
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).
Max CVSS
7.5
EPSS Score
0.09%
Published
2011-12-02
Updated
2011-12-13
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.
Max CVSS
7.5
EPSS Score
0.14%
Published
2011-12-02
Updated
2017-08-29
293 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!