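Filter CVEs associated with vulnerabilities classified as SQL Injection by publication year. The list is sorted with the most recently published entries first and can be narrowed further by the CVSS and EPSS risk metrics.
This view helps security teams keep track of recent vulnerability disclosures and trends, and quickly identify high-risk issues and the likelihood of exploitation.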
Showing CVEs published in 2012 and classified as SQL Injection.
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-3873 | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | 6.5 | 0.94% | 2012-12-28 | 2026-04-29 |
| CVE-2012-5590 | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.38% | 2012-12-26 | 2026-04-29 |
| CVE-2012-6427 | The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. | 7.8 | 0.24% | 2012-12-23 | 2026-04-29 |
| CVE-2012-5967 | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | 6.5 | 0.22% | 2012-12-19 | 2026-04-29 |
| CVE-2012-4971 | Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserl | 7.5 | 0.32% | 2012-12-12 | 2026-04-29 |
| CVE-2012-5550 | SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5367 | Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks. | 6.0 | 1.46% | 2012-12-03 | 2026-04-29 |
| CVE-2012-4479 | SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2012-11-30 | 2026-04-29 |
| CVE-2012-6039 | SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | 7.5 | 0.93% | 2012-11-26 | 2026-04-29 |
| CVE-2012-4601 | Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | 6.0 | 0.25% | 2012-11-23 | 2026-04-29 |
| CVE-2012-2086 | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | 7.5 | 0.72% | 2012-11-23 | 2026-04-29 |
| CVE-2012-5861 | These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. | 7.8 | 13.81% | 2012-11-23 | 2026-04-29 |
| CVE-2012-4941 | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.37% | 2012-11-18 | 2026-04-29 |
| CVE-2012-5912 | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | 7.5 | 1.06% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5910 | SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | 6.5 | 0.60% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5909 | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | 7.5 | 0.93% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5900 | Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | 7.5 | 2.49% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5894 | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | 7.5 | 1.65% | 2012-11-17 | 2026-04-29 |
| CVE-2012-4951 | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. | 7.5 | 8.04% | 2012-11-15 | 2026-04-29 |
| CVE-2012-4949 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | 6.5 | 1.32% | 2012-11-14 | 2026-04-29 |