Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2014. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2014-8999 | SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter. | 6.5 | 1.66% | 2014-11-20 | 2026-06-16 |
| CVE-2014-8995 | SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 5.0 | 2.22% | 2014-11-20 | 2026-06-16 |
| CVE-2014-8596 | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. | 7.5 | 3.26% | 2014-11-17 | 2026-06-16 |
| CVE-2014-8499 | Multiple SQL injection vulnerabilities in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allow remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter to (1) SQLAdvancedALSearchResult.cc or (2) AdvancedSearchResult.cc. | 6.5 | 33.59% | 2014-11-17 | 2026-06-16 |
| CVE-2014-8498 | SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter. | 6.5 | 12.75% | 2014-11-17 | 2026-06-16 |
| CVE-2014-8554 | SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609. | 7.5 | 2.45% | 2014-11-13 | 2026-06-16 |
| CVE-2014-4627 | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 8.8 | 2.25% | 2014-11-07 | 2026-06-16 |
| CVE-2014-6030 | Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. | 6.5 | 1.73% | 2014-11-06 | 2026-06-16 |
| CVE-2014-8668 | SQL injection vulnerability in SAP Contract Accounting allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.26% | 2014-11-06 | 2026-06-16 |
| CVE-2014-8664 | SQL injection vulnerability in Product Safety (EHS-SAF) component in SAP Environment, Health, and Safety Management allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.26% | 2014-11-06 | 2026-06-16 |
| CVE-2014-8663 | SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP NetWeaver Business Warehouse allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.16% | 2014-11-06 | 2026-06-16 |
| CVE-2014-8351 | SQL injection vulnerability in info.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz before 1.0.1 allows remote web servers to execute arbitrary SQL commands via the domain parameter. | 7.5 | 1.66% | 2014-11-06 | 2026-06-16 |
| CVE-2014-7959 | SQL injection vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tableprefix parameter. | 6.5 | 2.10% | 2014-11-06 | 2026-06-16 |
| CVE-2014-8588 | SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.26% | 2014-11-04 | 2026-06-16 |
| CVE-2014-8586 | SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | 7.5 | 40.09% | 2014-11-04 | 2026-06-16 |
| CVE-2014-8339 | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | 7.5 | 2.09% | 2014-11-04 | 2026-06-16 |
| CVE-2014-7176 | SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman. | 6.5 | 2.20% | 2014-11-04 | 2026-06-16 |
| CVE-2014-5387 | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] parameter to system/index.php or the (3) tbl_sort[0][] parameter in the comment module to system/index.php. | 6.5 | 1.65% | 2014-11-04 | 2026-06-16 |
| CVE-2014-3366 | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted response, aka Bug ID CSCup88089. | 6.5 | 1.56% | 2014-10-31 | 2026-06-16 |
| CVE-2014-3446 | SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter. | 7.5 | 1.26% | 2014-10-30 | 2026-06-16 |