Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

sql injection vulnerabilities and exploits

(subscribe to this query)
9.8
CVSSv3

CVE-2018-5972

SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
Quickad Project Quickad 4.0
9.8
CVSSv3

CVE-2018-5977

SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
Getaffiligator Affiligator 2.1.0
9.8
CVSSv3

CVE-2018-5978

SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
Zechat Project Zechat 1.5
6
CVSSv2

CVE-2015-1517

SQL injection vulnerability in Piwigo prior to 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
Piwigo Piwigo
7.5
CVSSv2

CVE-2011-4026

SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Xia Zuojie Nexusphp 1.5
7.5
CVSSv2

CVE-2014-8507

Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android prior to 5.0.0 allow remote malicious users to execute arbitrary SQL commands, and consequently launch ...
Google AndroidGoogle Android 1.0Google Android 1.1Google Android 1.5Google Android 1.6Google Android 2.0Google Android 2.0.1Google Android 2.1Google Android 2.2Google Android 2.2.1Google Android 2.2.2Google Android 2.2.3
6.8
CVSSv2

CVE-2009-3661

Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
Blueconstantmedia Com Djcatalog
6.5
CVSSv2

CVE-2013-2559

SQL injection vulnerability in Symphony CMS prior to 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated malicious users to execute arbitrary SQ...
Getsymphony SymphonyGetsymphony Symphony 2.0Getsymphony Symphony 2.0.3Getsymphony Symphony 2.0.4Getsymphony Symphony 2.0.5Getsymphony Symphony 2.0.6Getsymphony Symphony 2.0.7Getsymphony Symphony 2.1.0Getsymphony Symphony 2.1.1Getsymphony Symphony 2.3
7.5
CVSSv2

CVE-2014-5097

Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and previous versions allow remote malicious users to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to rate.php.
Freereprintables Articlefr
9.8
CVSSv3

CVE-2017-7997

Multiple SQL injection vulnerabilities in Gespage prior to 7.4.9 allow remote malicious users to execute arbitrary SQL commands via the (1) show_prn parameter to webapp/users/prnow.jsp or show_month parameter to (2) webapp/users/blhistory.jsp or (3) webapp/users/prhistory.jsp.
Gespage Gespage
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-46656unknownCVE-2025-46577CVE-2025-32979paicodingXPath injectionhackmdCVE-2025-3643opplusCSRFlocal usersCVE-2025-32433CVE-2025-32432
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook