Vulnerabilities (CVE)

Filtered by CWE-89
Total 11922 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-8999 1 Xoops 1 Xoops 2014-11-24 6.5 MEDIUM N/A
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
CVE-2014-8663 1 Sap 1 Netweaver Business Warehouse 2014-11-07 7.5 HIGH N/A
SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-6030 1 Classapps 1 Selectsurvey.net 2014-11-06 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx.
CVE-2014-5520 1 Xrms Crm Project 1 Xrms Crm 2014-10-31 7.5 HIGH N/A
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php.
CVE-2014-8363 1 Wordpress Spreadsheet Project 1 Wordpress Spreadsheet 2014-10-25 7.5 HIGH N/A
SQL injection vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
CVE-2014-3978 1 Tomatocart 1 Tomatocart 2014-10-24 6.5 MEDIUM N/A
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
CVE-2014-7201 1 Kevin Renskers 1 Dmmjobcontrol 2014-10-22 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
CVE-2014-8294 1 Php Resource 1 Voice Of Web Allmyguests 2014-10-22 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests 0.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) allmyphp_cookie cookie to admin.php or the (2) Username or (3) Password.
CVE-2014-8295 1 Bacula 1 Bacula-web 2014-10-22 7.5 HIGH N/A
SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter.
CVE-2014-3382 1 Cisco 1 Asa 2014-10-12 7.8 HIGH N/A
The SQL*Net inspection engine in Cisco ASA Software 7.2 before 7.2(5.13), 8.2 before 8.2(5.50), 8.3 before 8.3(2.42), 8.4 before 8.4(7.15), 8.5 before 8.5(1.21), 8.6 before 8.6(1.14), 8.7 before 8.7(1.13), 9.0 before 9.0(4.5), and 9.1 before 9.1(5.1) allows remote attackers to cause a denial of service (device reload) via crafted SQL REDIRECT packets, aka Bug ID CSCum46027.
CVE-2014-7981 1 Joomla 1 Joomla\! 2014-10-10 7.5 HIGH N/A
SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before 3.2.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-5308 1 Testlink 1 Testlink 2014-10-09 9.0 HIGH N/A
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.php or (2) id parameter to lib/events/eventinfo.php.
CVE-2014-5503 1 Cyberoam 1 Cyberoam Os 2014-10-08 10.0 HIGH N/A
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.
CVE-2014-6295 1 Wec Map Project 1 Wec Map 2014-10-06 7.5 HIGH N/A
SQL injection vulnerability in the WEC Map (wec_map) extension before 3.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-6293 1 Kennziffer 1 Statistics 2014-10-06 7.5 HIGH N/A
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
CVE-2012-0811 1 Postfix 1 Postfix 2014-10-02 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generated by backup.php.
CVE-2014-7153 1 Huge-it 1 Image Gallery 2014-09-22 6.5 MEDIUM N/A
SQL injection vulnerability in the editgallery function in admin/gallery_func.php in the Huge-IT Image Gallery plugin 1.0.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the removeslide parameter to wp-admin/admin.php.
CVE-2014-2376 1 Ecava 1 Integraxor 2014-09-16 7.5 HIGH N/A
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-6239 1 Address Visualization With Google Maps Project 1 Address Visualization With Google Maps 2014-09-11 7.5 HIGH N/A
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2014-3904 1 Tenfourzero 1 Shutter 2014-09-08 7.5 HIGH N/A
SQL injection vulnerability in lib/admin.php in tenfourzero Shutter 0.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.