| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter. |
| SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php. |
| Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. |
| SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. |
| SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. |
| SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method. |
| SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. |
| SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. |
| SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. |
| SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable. |
| Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication. |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. |
| SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. |
| SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
