CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2012(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2012-6427 89 Exec Code Sql 2012-12-23 2012-12-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
2 CVE-2012-6039 89 1 Exec Code Sql 2012-11-26 2012-11-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
3 CVE-2012-5967 89 Exec Code Sql 2012-12-19 2013-01-29
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 allows remote authenticated users to execute arbitrary SQL commands via the menu parameter.
4 CVE-2012-5912 89 2 Exec Code Sql 2012-11-17 2012-11-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.
5 CVE-2012-5910 89 1 Exec Code Sql 2012-11-17 2012-11-19
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter.
6 CVE-2012-5909 89 1 Exec Code Sql 2012-11-17 2012-11-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php.
7 CVE-2012-5900 89 2 Exec Code Sql 2012-11-17 2013-01-15
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
8 CVE-2012-5894 89 1 Exec Code Sql 2012-11-17 2012-11-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.
9 CVE-2012-5861 89 1 Exec Code Sql 2012-11-23 2013-02-02
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.
10 CVE-2012-5664 89 Exec Code Sql 2012-12-26 2012-12-27
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Authlogic gem for Ruby on Rails allows remote attackers to execute arbitrary SQL commands via a crafted parameter in conjunction with a secret_token value, related to certain behavior of find_by_id and other find_by_ methods.
11 CVE-2012-5590 89 Exec Code Sql 2012-12-26 2013-02-25
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
12 CVE-2012-5550 89 Exec Code Sql 2012-12-03 2012-12-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
13 CVE-2012-5453 89 Exec Code Sql 2012-10-22 2013-04-10
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167.
14 CVE-2012-5367 89 1 Exec Code Sql CSRF 2012-12-03 2013-08-21
6.0
None Remote Medium Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
15 CVE-2012-5350 89 1 Exec Code Sql 2012-10-09 2012-10-10
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.
16 CVE-2012-5348 89 1 Exec Code Sql 2012-10-09 2012-10-10
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.
17 CVE-2012-5342 89 1 Exec Code Sql 2012-10-09 2013-01-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.
18 CVE-2012-5334 89 1 Exec Code Sql 2012-10-08 2013-01-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.
19 CVE-2012-5333 89 1 Exec Code Sql 2012-10-08 2013-01-31
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 CVE-2012-5328 89 Exec Code Sql 2012-10-08 2013-01-31
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php.
21 CVE-2012-5327 89 1 Exec Code Sql 2012-10-08 2013-01-31
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action.
22 CVE-2012-5317 89 Exec Code Sql 2012-10-08 2012-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.
23 CVE-2012-5313 89 Exec Code Sql 2012-10-08 2012-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.
24 CVE-2012-5312 89 1 Exec Code Sql 2012-10-08 2012-10-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
25 CVE-2012-5310 89 Exec Code Sql 2012-10-08 2012-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
26 CVE-2012-5300 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
27 CVE-2012-5297 89 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.
28 CVE-2012-5294 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
29 CVE-2012-5292 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
30 CVE-2012-5291 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.
31 CVE-2012-5290 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.
32 CVE-2012-5289 89 1 Exec Code Sql 2012-10-04 2013-02-07
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.
33 CVE-2012-5288 89 1 Exec Code Sql 2012-10-04 2012-10-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
34 CVE-2012-5227 89 1 Exec Code Sql 2012-10-01 2012-10-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
35 CVE-2012-5167 89 Exec Code Sql 2012-10-22 2013-04-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.
36 CVE-2012-5162 89 Exec Code Sql 2012-09-25 2013-01-18
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.
37 CVE-2012-5101 89 Exec Code Sql 2012-09-23 2012-09-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
38 CVE-2012-5098 89 1 Exec Code Sql 2012-09-23 2012-09-24
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
39 CVE-2012-5000 89 1 Exec Code Sql 2012-09-19 2012-09-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
40 CVE-2012-4996 89 1 Exec Code Sql 2012-09-19 2012-09-20
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.
41 CVE-2012-4994 89 Exec Code Sql 2012-09-19 2012-09-21
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.
42 CVE-2012-4990 89 Exec Code Sql 2012-10-22 2012-11-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action.
43 CVE-2012-4971 89 Exec Code Sql 2012-12-12 2012-12-12
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp.
44 CVE-2012-4951 89 Exec Code Sql 2012-11-15 2013-03-01
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter.
45 CVE-2012-4949 89 Exec Code Sql 2012-11-14 2013-03-01
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
46 CVE-2012-4941 89 Exec Code Sql 2012-11-18 2013-06-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
47 CVE-2012-4927 89 2 Exec Code Sql 2012-09-15 2012-09-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.
48 CVE-2012-4925 89 1 Exec Code Sql 2012-09-15 2012-09-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
49 CVE-2012-4868 89 Exec Code Sql 2012-09-06 2012-09-07
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
50 CVE-2012-4772 89 1 Exec Code Sql 2012-10-22 2013-06-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter.
Total number of vulnerabilities : 242   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.