Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
It includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and gauge exploitation likelihood.
You're viewing SQL Injection CVEs published in 2011.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2011-4349 | Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id. | 4.6 | 0.47% | 2011-12-10 | 2026-06-16 |
| CVE-2011-4710 | Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI. | 7.5 | 1.71% | 2011-12-08 | 2026-06-16 |
| CVE-2011-2917 | SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter. | 7.5 | 1.26% | 2011-12-08 | 2026-06-16 |
| CVE-2011-4674 | SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter. | 7.5 | 2.55% | 2011-12-02 | 2026-06-16 |
| CVE-2011-4673 | SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.19% | 2011-12-02 | 2026-06-16 |
| CVE-2011-4672 | Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomenos_list.php, (6) ypelaton_list.php, and (7) yproion_list.php. | 7.5 | 1.10% | 2011-12-02 | 2026-06-16 |
| CVE-2011-4671 | SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL). | 7.5 | 3.07% | 2011-12-02 | 2026-06-16 |
| CVE-2011-4669 | SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php. | 7.5 | 2.26% | 2011-12-02 | 2026-06-16 |
| CVE-2011-4542 | Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. | 7.5 | 26.06% | 2011-11-30 | 2026-06-16 |
| CVE-2011-4571 | SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php. | 7.5 | 1.09% | 2011-11-29 | 2026-06-16 |
| CVE-2011-4570 | SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php. | 7.5 | 1.10% | 2011-11-29 | 2026-06-16 |
| CVE-2011-4569 | SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter. | 7.5 | 1.09% | 2011-11-29 | 2026-06-16 |
| CVE-2011-4559 | SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. | 7.5 | 1.39% | 2011-11-28 | 2026-06-16 |
| CVE-2010-5062 | SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter. | 7.5 | 2.41% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5061 | SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter. | 7.5 | 1.21% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5060 | SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.21% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5059 | SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action. | 7.5 | 2.21% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5058 | SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | 1.01% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5057 | SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter. | 7.5 | 2.41% | 2011-11-23 | 2026-06-16 |
| CVE-2010-5056 | SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php. | 7.5 | 2.41% | 2011-11-23 | 2026-06-16 |