Total: 15162 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-10550 | 1 Sequelizejs | 1 Sequelize | 2024-11-21 | N/A |
sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. If user input goes into the `limit` or `order` parameters, a malicious user can put in their own SQL statements. This affects sequelize 3.16.0 and earlier. | ||||
CVE-2016-10008 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Content Types > Content Types" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_STRUCTURE_direction parameter. | ||||
CVE-2016-10007 | 1 Dotcms | 1 Dotcms | 2024-11-21 | N/A |
SQL injection vulnerability in the "Marketing > Forms" screen in dotCMS before 3.7.2 and 4.x before 4.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the _EXT_FORM_HANDLER_orderBy parameter. | ||||
CVE-2016-1000271 | 1 Dthdevelopment | 1 Dt Register | 2024-11-21 | N/A |
Joomla extension DT Register version before 3.1.12 (Joomla 3.x) / 2.8.18 (Joomla 2.5) contains an SQL injection in "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events". This attack appears to be exploitable if the attacker can reach the web server. | ||||
CVE-2015-9496 | 1 Freshmail | 1 Freshmail-newsletter | 2024-11-21 | 8.8 High |
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. | ||||
CVE-2015-9467 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 9.8 Critical |
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter. | ||||
CVE-2015-9466 | 1 Webtechideas | 1 Wti Like Post | 2024-11-21 | 9.8 Critical |
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable. | ||||
CVE-2015-9465 | 1 Yet Another Stars Rating Project | 1 Yet Another Stars Rating | 2024-11-21 | 8.8 High |
The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter. | ||||
CVE-2015-9462 | 1 Awesome Filterable Portfolio Project | 1 Awesome Filterable Portfolio | 2024-11-21 | 7.2 High |
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_category_page SQL injection via the cat_id parameter. | ||||
CVE-2015-9461 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | 7.2 High |
The awesome-filterable-portfolio plugin before 1.9 for WordPress has afp_get_new_portfolio_item_page SQL injection via the item_id parameter. | ||||
CVE-2015-9460 | 1 Pinpoint | 1 Pinpoint Booking System | 2024-11-21 | 8.8 High |
The booking-system plugin before 2.1 for WordPress has DOPBSPBackEndTranslation::display SQL injection via the language parameter. | ||||
CVE-2015-9458 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 7.2 High |
The searchterms-tagging-2 plugin through 1.535 for WordPress has SQL injection via the pk_stt2_db_get_popular_terms count parameter exploitable via CSRF. | ||||
CVE-2015-9454 | 1 Slidervilla | 1 Smooth Slider | 2024-11-21 | 8.8 High |
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin current_slider_id parameter. | ||||
CVE-2015-9451 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 9.8 Critical |
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_mailchimp pmfb_tid parameter. | ||||
CVE-2015-9450 | 1 Sizmic | 1 Plugmatter Optin Feature Box | 2024-11-21 | 9.8 Critical |
The plugmatter-optin-feature-box-lite plugin before 2.0.14 for WordPress has SQL injection via the wp-admin/admin-ajax.php?action=pmfb_cc pmfb_tid parameter. | ||||
CVE-2015-9449 | 1 Efficientscripts | 1 Microblog Poster | 2024-11-21 | 7.2 High |
The microblog-poster plugin before 1.6.2 for WordPress has SQL Injection via the wp-admin/options-general.php?page=microblogposter.php account_id parameter. | ||||
CVE-2015-9448 | 1 Pressified | 1 Sendpress | 2024-11-21 | 8.8 High |
The sendpress plugin before 1.2 for WordPress has SQL Injection via the wp-admin/admin.php?page=sp-queue listid parameter. | ||||
CVE-2015-9446 | 1 Unitegallery | 1 Unite Gallery Lite | 2024-11-21 | 8.8 High |
The unite-gallery-lite plugin before 1.5 for WordPress has SQL injection via data[galleryID] to wp-admin/admin-ajax.php. | ||||
CVE-2015-9400 | 1 Typomedia | 1 Wordpress Meta Robots | 2024-11-21 | 8.8 High |
The wordpress-meta-robots plugin through 2.1 for WordPress has wp-admin/post-new.php text SQL injection. | ||||
CVE-2015-9399 | 1 Trivetechnology | 1 Wp-stats-dashboard | 2024-11-21 | 7.2 High |
The wp-stats-dashboard plugin through 2.9.4 for WordPress has admin/graph_trend.php type SQL injection. |