Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2011. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2010-4970 | SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.05% | 2011-11-01 | 2026-06-16 |
| CVE-2010-4969 | SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 0.95% | 2011-11-01 | 2026-06-16 |
| CVE-2010-4968 | SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 | 1.01% | 2011-11-01 | 2026-06-16 |
| CVE-2011-4215 | SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable. | 7.5 | 1.36% | 2011-11-01 | 2026-06-16 |
| CVE-2011-1915 | SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.13% | 2011-11-01 | 2026-06-16 |
| CVE-2011-3615 | Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information. | 7.5 | 1.14% | 2011-10-24 | 2026-06-16 |
| CVE-2011-4026 | SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.08% | 2011-10-21 | 2026-06-16 |
| CVE-2011-3988 | SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 2.33% | 2011-10-21 | 2026-06-16 |
| CVE-2011-3340 | SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | 7.5 | 2.04% | 2011-10-21 | 2026-06-16 |
| CVE-2010-4967 | SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter. | 7.5 | 2.09% | 2011-10-21 | 2026-06-16 |
| CVE-2009-5102 | SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter. | 7.5 | 2.27% | 2011-10-21 | 2026-06-16 |
| CVE-2010-4963 | SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. | 7.5 | 1.22% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4961 | SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.11% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4959 | SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 | 1.22% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4958 | SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 | 1.38% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4957 | SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.29% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4955 | SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078. | 7.5 | 1.04% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4954 | SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. | 7.5 | 1.01% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4952 | SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.11% | 2011-10-09 | 2026-06-16 |
| CVE-2010-4950 | SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.03% | 2011-10-09 | 2026-06-16 |