Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2012. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2012-5333 | SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.24% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5328 | Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/fs-admin.php, or (4) edit_forum_id parameter in an edit_save_forum action to fs-admin/wpf-edit-forum-group.php. | 6.5 | 1.51% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5327 | Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup parameter in an add_user_togroup action, or (3) add_forum_group_id parameter in an add_forum_submit action. | 6.5 | 1.73% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5317 | SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action. | 7.5 | 1.32% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5313 | SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter. | 7.5 | 1.11% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5312 | SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | 7.5 | 1.11% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5310 | SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 2.11% | 2012-10-08 | 2026-06-16 |
| CVE-2011-4638 | Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid parameter to urls-x.php. | 7.5 | 1.19% | 2012-10-08 | 2026-06-16 |
| CVE-2010-5063 | SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter. | 7.5 | 1.11% | 2012-10-08 | 2026-06-16 |
| CVE-2012-5300 | SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.31% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5297 | SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.31% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5294 | SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.12% | 2012-10-04 | 2026-06-16 |
| CVE-2011-5203 | SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. | 7.5 | 1.24% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5292 | Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php. | 7.5 | 1.11% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5291 | SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter. | 7.5 | 1.12% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5290 | Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php. | 7.5 | 1.23% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5289 | Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php. | 7.5 | 1.31% | 2012-10-04 | 2026-06-16 |
| CVE-2012-5288 | SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.11% | 2012-10-04 | 2026-06-16 |
| CVE-2012-1603 | Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. | 7.5 | 1.45% | 2012-10-01 | 2026-06-16 |
| CVE-2012-5227 | SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.11% | 2012-10-01 | 2026-06-16 |