SQL Injection に分類される脆弱性に紐づく CVE を、公開年で絞り込みます。一覧は新しい公開が上に来る並びで、CVSS / EPSS のリスク指標でもさらに絞り込めます。
直近の脆弱性公開や傾向を押さえ、セキュリティチームが高リスクな事象や悪用の可能性を素早く把握するためのビューです。
2013 年に公開され、SQL Injection に分類される CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2013-7242 | SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix parameter. | 6.5 | 0.70% | 2013-12-31 | 2026-04-29 |
| CVE-2013-6983 | SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. | 6.5 | 0.65% | 2013-12-31 | 2026-04-29 |
| CVE-2013-7232 | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. | 7.5 | 0.46% | 2013-12-30 | 2026-04-29 |
| CVE-2013-7149 | SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. | 7.5 | 0.41% | 2013-12-28 | 2026-04-29 |
| CVE-2013-6929 | SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | 6.5 | 0.44% | 2013-12-28 | 2026-04-29 |
| CVE-2013-7216 | Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to demo/classifieds/product.asp, or (2) UserID or (3) Password field to demo/classifieds/admin.asp. | 7.5 | 0.46% | 2013-12-24 | 2026-04-29 |
| CVE-2013-4461 | SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." | 7.5 | 0.38% | 2013-12-23 | 2026-04-29 |
| CVE-2013-5409 | Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 | 0.31% | 2013-12-21 | 2026-04-29 |
| CVE-2013-7193 | Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp. | 7.5 | 1.95% | 2013-12-21 | 2026-04-29 |
| CVE-2013-7192 | Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp. | 7.5 | 0.51% | 2013-12-21 | 2026-04-29 |
| CVE-2013-2627 | SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action. | 7.5 | 0.38% | 2013-12-21 | 2026-04-29 |
| CVE-2013-7189 | Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php. | 7.5 | 1.30% | 2013-12-20 | 2026-04-29 |
| CVE-2013-7187 | SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.13% | 2013-12-20 | 2026-04-29 |
| CVE-2013-7096 | Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.41% | 2013-12-13 | 2026-04-29 |
| CVE-2013-7094 | SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in SAP NetWeaver 7.30 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 0.71% | 2013-12-13 | 2026-04-29 |
| CVE-2013-7092 | Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) events_col, (2) event_id, (3) reason, (4) events_order, (5) emailstatus_order, or (6) emailstatus_col JSON keys. | 6.5 | 0.47% | 2013-12-13 | 2026-04-29 |
| CVE-2013-6839 | SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. | 7.5 | 0.49% | 2013-12-13 | 2026-04-29 |
| CVE-2013-6985 | SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. | 7.5 | 0.36% | 2013-12-09 | 2026-04-29 |
| CVE-2013-5354 | Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) fb_user_id or (2) tw_user_id parameter to signup. | 7.5 | 0.40% | 2013-12-09 | 2026-04-29 |
| CVE-2013-6787 | SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter. | 6.0 | 0.59% | 2013-12-05 | 2026-04-29 |