Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
Docs
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql injection vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2000-0402
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
Microsoft Sql Server 7.0
2 EDB exploits
7.5
CVSSv2
CVE-2002-0187
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an malicious user to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
Microsoft Sql Server 2000
1 EDB exploit
8.8
CVSSv3
CVE-2025-30473
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter (which was a recommended pattern), Authenticated UI User could...
Apache Software Foundation Apache Airflow Common Sql Provider
Apache Airflow Common Sql Provider
7.2
CVSSv3
CVE-2020-9318
Red Gate SQL Monitor 9.0.13 up to and including 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15.
Red-gate Sql Monitor
7.5
CVSSv2
CVE-2008-4378
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Mr. Cgi Guy Hot Links Sql Php
1 EDB exploit
7.5
CVSSv2
CVE-2002-0645
SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
Microsoft Data Engine 2000
Microsoft Sql Server 2000
7.5
CVSSv2
CVE-2005-1224
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote malicious users to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or d...
Duware Duportal 3.4
Duware Duportal Pro 3.4
Duware Duportal Sql 3.4
6 EDB exploits
6.1
CVSSv3
CVE-2024-26140
com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in...
Yetanalytics Lrs
Yetanalytics Sql Lrs
8.2
CVSSv3
CVE-2025-30788
Cross-Site Request Forgery (CSRF) vulnerability in Eli EZ SQL Reports Shortcode Widget and DB Backup allows SQL Injection. This issue affects EZ SQL Reports Shortcode Widget and DB Backup: from n/a up to and including 5.25.08.
Eli Ez Sql Reports Shortcode Widget And Db Backup
6.5
CVSSv2
CVE-2012-0337
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
Cisco Unified Meetingplace 7.1
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
inject
CVE-2025-51381
IDOR
nvidia
CVE-2025-4123
CVE-2025-2783
CVE-2025-30678
remote attackers
CVE-2025-48443
kcm3100
CVE-2025-6196
tarteaucitron.io
adrian ladó
earch icon">CVE-2023-33538
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »