Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2012. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-3873 | Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php. | 6.5 | 0.94% | 2012-12-28 | 2026-04-29 |
| CVE-2012-5590 | SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.21% | 2012-12-26 | 2026-04-29 |
| CVE-2012-6427 | The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. | 7.8 | 1.21% | 2012-12-23 | 2026-04-29 |
| CVE-2012-5967 | SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter. | 6.5 | 3.31% | 2012-12-19 | 2026-04-29 |
| CVE-2012-4971 | Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserl | 7.5 | 1.19% | 2012-12-12 | 2026-04-29 |
| CVE-2012-5550 | SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.13% | 2012-12-03 | 2026-04-29 |
| CVE-2012-5367 | Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks. | 6.0 | 1.32% | 2012-12-03 | 2026-04-29 |
| CVE-2012-4479 | SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.13% | 2012-11-30 | 2026-04-29 |
| CVE-2012-6039 | SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter. | 7.5 | 1.11% | 2012-11-26 | 2026-04-29 |
| CVE-2012-4601 | Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php. | 6.0 | 1.56% | 2012-11-23 | 2026-04-29 |
| CVE-2012-2086 | SQL injection vulnerability in the get_last_conversation_lines function in common/logger.py in Gajim before 0.15 allows remote attackers to execute arbitrary SQL commands via the jig parameter. | 7.5 | 2.40% | 2012-11-23 | 2026-04-29 |
| CVE-2012-5861 | These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. | 7.8 | 4.08% | 2012-11-23 | 2026-04-29 |
| CVE-2012-4941 | Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.25% | 2012-11-18 | 2026-04-29 |
| CVE-2012-5912 | Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php. | 7.5 | 2.42% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5910 | SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter. | 6.5 | 1.15% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5909 | SQL injection vulnerability in admin/modules/user/users.php in MyBB (aka MyBulletinBoard) 1.6.6 allows remote attackers to execute arbitrary SQL commands via the conditions[usergroup][] parameter in a search action to admin/index.php. | 7.5 | 1.11% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5900 | Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php. | 7.5 | 1.28% | 2012-11-17 | 2026-04-29 |
| CVE-2012-5894 | SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter. | 7.5 | 1.12% | 2012-11-17 | 2026-04-29 |
| CVE-2012-4951 | Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter. | 7.5 | 1.52% | 2012-11-15 | 2026-04-29 |
| CVE-2012-4949 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. | 6.5 | 4.39% | 2012-11-14 | 2026-04-29 |