Vulnerabilities (CVE)

Filtered by CWE-89
Total 15161 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-10376 1 Themeist 1 I Recommend This 2024-11-21 7.5 HIGH 9.8 CRITICAL
The i-recommend-this plugin before 3.7.3 for WordPress has SQL injection.
CVE-2013-5945 1 Dlink 16 Dsr-1000, Dsr-1000 Firmware, Dsr-1000n and 13 more 2024-11-21 10.0 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary SQL commands via the password to (1) the login.authenticate function in share/lua/5.1/teamf1lualib/login.lua or (2) captivePortal.lua.
CVE-2013-5743 1 Zabbix 1 Zabbix 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.
CVE-2013-4717 1 Otrs 2 Otrs, Otrs Itsm 2024-11-21 6.5 MEDIUM 8.8 HIGH
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
CVE-2013-3932 1 Jomres 1 Jomres 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.
CVE-2013-3638 1 Boonex 1 Dolphin 2024-11-21 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remote authenticated users to execute arbitrary SQL commands via the 'pathes' parameter in 'categories.php'.
CVE-2013-3000 1 Ibm 1 Infosphere Data Replication Dashboard 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in IBM InfoSphere Data Replication Dashboard 9.7 and 10.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. IBM X-Force ID: 84116.
CVE-2013-2745 2 Debian, Minidlna Project 2 Debian Linux, Minidlna 2024-11-21 7.5 HIGH 9.8 CRITICAL
An SQL Injection vulnerability exists in MiniDLNA prior to 1.1.0
CVE-2013-2738 1 Readymedia Project 1 Readymedia 2024-11-21 7.5 HIGH 9.8 CRITICAL
minidlna has SQL Injection that may allow retrieval of arbitrary files
CVE-2013-2091 1 Dolibarr 1 Dolibarr 2024-11-21 7.5 HIGH 9.8 CRITICAL
SQL injection vulnerability in Dolibarr ERP/CRM 3.3.1 allows remote attackers to execute arbitrary SQL commands via the 'pays' parameter in fiche.php.
CVE-2013-2018 1 Berkeley 1 Boinc 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2013-1401 1 Cardozatechnologies 1 Wordpress Poll 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple security bypass vulnerabilities in the editAnswer, deleteAnswer, addAnswer, and deletePoll functions in WordPress Poll Plugin 34.5 for WordPress allow a remote attacker to add, edit, and delete an answer and delete a poll.
CVE-2013-1400 1 Cardozatechnologies 1 Wordpress Poll 2024-11-21 7.5 HIGH 9.8 CRITICAL
Multiple SQL injection vulnerabilities in CWPPoll.js in WordPress Poll Plugin 34.5 for WordPress allow attackers to execute arbitrary SQL commands via the pollid or poll_id parameter in a viewPollResults or userlogs action.
CVE-2013-10023 1 Editorial Calendar Project 1 Editorial Calendar 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in Editorial Calendar Plugin up to 2.6. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The name of the patch is a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.
CVE-2013-10019 1 Oclc 1 Oaicat 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in OCLC-Research OAICat 1.5.61. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The attack may be initiated remotely. Upgrading to version 1.5.62 is able to address this issue. The name of the patch is 6cc65501869fa663bcd24a70b63f41f5cfe6b3e1. It is recommended to upgrade the affected component. The identifier VDB-221489 was assigned to this vulnerability.
CVE-2013-10018 2024-11-21 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/save_contact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injection. The name of the patch is 165dfcaa0520ee0179b7c1282efb84f5a03df114. It is recommended to apply a patch to fix this issue. The identifier VDB-220057 was assigned to this vulnerability.
CVE-2013-10017 2024-11-21 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056.
CVE-2013-10016 2024-11-21 5.2 MEDIUM 5.5 MEDIUM
A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The name of the patch is 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055.
CVE-2013-10015 2024-11-21 5.2 MEDIUM 5.5 MEDIUM
A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The name of the patch is abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability.
CVE-2013-10014 1 2moons Project 1 2moons 2024-11-21 5.2 MEDIUM 5.5 MEDIUM
A vulnerability classified as critical has been found in oktora24 2moons. Affected is an unknown function. The manipulation leads to sql injection. The patch is identified as 1b09cf7672eb85b5b0c8a4de321f7a4ad87b09a7. It is recommended to apply a patch to fix this issue. VDB-218898 is the identifier assigned to this vulnerability.