Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2012. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2011-5235 | SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote attackers to execute arbitrary SQL commands via the hostname in a hypertext link. | 7.5 | 1.89% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5234 | SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter. | 7.5 | 1.89% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5230 | Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter to sys/login/member. | 7.5 | 2.24% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5229 | SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. | 7.5 | 2.22% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5224 | SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 2.74% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5222 | SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. | 7.5 | 2.24% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5218 | SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 | 2.23% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5216 | SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress plugin before 1.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the active parameter. NOTE: some of these details are obtained from third party information. | 7.5 | 2.43% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5215 | SQL injection vulnerability in index.php in Video Community Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.02% | 2012-10-25 | 2026-06-16 |
| CVE-2011-5213 | Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login[username] parameter to index.php, (2) parent_id parameter to modules/Documents/version_list.php, or (3) contact_id parameter to modules/Documents/index.php. | 7.5 | 2.45% | 2012-10-25 | 2026-06-16 |
| CVE-2012-5453 | SQL injection vulnerability in user/index_inline_editor_submit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167. | 6.5 | 2.74% | 2012-10-22 | 2026-06-16 |
| CVE-2012-5167 | Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php. | 7.5 | 4.70% | 2012-10-22 | 2026-06-16 |
| CVE-2012-4990 | SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids[] parameter in a link action. | 7.5 | 2.27% | 2012-10-22 | 2026-06-16 |
| CVE-2012-4772 | SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. | 7.5 | 3.72% | 2012-10-22 | 2026-06-16 |
| CVE-2012-4232 | SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie. | 7.5 | 2.04% | 2012-10-22 | 2026-06-16 |
| CVE-2011-5212 | SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the (1) user name or (2) password field. | 7.5 | 3.42% | 2012-10-22 | 2026-06-16 |
| CVE-2012-5350 | SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode. | 6.0 | 2.38% | 2012-10-09 | 2026-06-16 |
| CVE-2012-5348 | SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php. | 6.8 | 1.05% | 2012-10-09 | 2026-06-16 |
| CVE-2012-5342 | Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php. | 7.5 | 1.06% | 2012-10-09 | 2026-06-16 |
| CVE-2012-5334 | SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | 7.5 | 1.26% | 2012-10-08 | 2026-06-16 |