Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2011. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2011-5039 | Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php. | 7.5 | 0.80% | 2011-12-30 | 2026-04-29 |
| CVE-2011-5038 | SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | 0.41% | 2011-12-30 | 2026-04-29 |
| CVE-2011-5031 | Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information. | 7.5 | 0.31% | 2011-12-29 | 2026-04-29 |
| CVE-2011-5022 | SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. | 7.5 | 0.27% | 2011-12-29 | 2026-04-29 |
| CVE-2011-3838 | Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to mobile/login.php. | 7.5 | 0.84% | 2011-12-24 | 2026-04-29 |
| CVE-2011-4847 | SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/. | 7.5 | 0.17% | 2011-12-16 | 2026-04-29 |
| CVE-2011-4763 | Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. | 7.5 | 0.31% | 2011-12-16 | 2026-04-29 |
| CVE-2011-4753 | Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. | 7.5 | 0.31% | 2011-12-16 | 2026-04-29 |
| CVE-2011-4734 | Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files. | 7.5 | 0.31% | 2011-12-16 | 2026-04-29 |
| CVE-2011-4725 | Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files. | 7.5 | 0.31% | 2011-12-16 | 2026-04-29 |
| CVE-2011-4833 | Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php. | 7.5 | 1.47% | 2011-12-15 | 2026-04-29 |
| CVE-2011-4829 | SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. | 7.5 | 0.28% | 2011-12-15 | 2026-04-29 |
| CVE-2011-4826 | SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. | 6.8 | 0.39% | 2011-12-15 | 2026-04-29 |
| CVE-2011-4824 | SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter. | 7.5 | 3.25% | 2011-12-15 | 2026-04-29 |
| CVE-2011-4823 | Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php. | 7.5 | 0.27% | 2011-12-15 | 2026-04-29 |
| CVE-2011-4811 | SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter. | 7.5 | 0.27% | 2011-12-14 | 2026-04-29 |
| CVE-2011-4808 | SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php. | 7.5 | 0.27% | 2011-12-14 | 2026-04-29 |
| CVE-2011-4803 | SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.24% | 2011-12-14 | 2026-04-29 |
| CVE-2011-4802 | Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perms.php, (6) param_ihm.php, (7) note.php, and (8) fiche.php in user/; and (9) rowid parameter to admin/boxes.php. | 6.5 | 2.65% | 2011-12-14 | 2026-04-29 |
| CVE-2011-4801 | SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 | 2.15% | 2011-12-14 | 2026-04-29 |