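Explore CVEs related to SQL Injection vulnerabilities, filtered by year of publication. By default this list shows the most recent disclosures first and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
This page currently shows CVEs of type SQL Injection published in 2010.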
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2010-4641 | SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.12% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4639 | SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.15% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4638 | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | 6.8 | 0.92% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4636 | SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 | 1.02% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4635 | SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 | 1.15% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4633 | SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. | 7.5 | 0.99% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4632 | Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688. | 7.5 | 1.15% | 2010-12-30 | 2026-06-16 |
| CVE-2010-4619 | SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.00% | 2010-12-29 | 2026-06-16 |
| CVE-2010-4615 | Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp. | 7.5 | 0.99% | 2010-12-29 | 2026-06-16 |
| CVE-2010-4614 | SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723. | 7.5 | 0.99% | 2010-12-29 | 2026-06-16 |
| CVE-2010-4612 | Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. NOTE: some of these details are obtained from third party information. | 6.8 | 1.70% | 2010-12-29 | 2026-06-16 |
| CVE-2010-4609 | SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. | 7.5 | 0.99% | 2010-12-29 | 2026-06-16 |
| CVE-2010-4517 | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 6.8 | 0.83% | 2010-12-09 | 2026-06-16 |
| CVE-2010-3922 | SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.29% | 2010-12-09 | 2026-06-16 |
| CVE-2010-4505 | Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | 6.8 | 0.97% | 2010-12-08 | 2026-06-16 |
| CVE-2010-4503 | SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | 7.5 | 0.98% | 2010-12-08 | 2026-06-16 |
| CVE-2010-4500 | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.8 | 0.92% | 2010-12-08 | 2026-06-16 |
| CVE-2010-4257 | SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | 6.0 | 3.14% | 2010-12-07 | 2026-06-16 |
| CVE-2010-4404 | SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 | 1.08% | 2010-12-06 | 2026-06-16 |
| CVE-2010-4400 | SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 7.5 | 2.16% | 2010-12-06 | 2026-06-16 |