| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). |
| SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. |
| SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. |
| Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. |
| SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. |
| SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. |
| SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. |
| SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action. |
| SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters. |
| SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string. |
| SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. |
| Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php. |
| SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter. |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. |
| Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. |
| SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter. |
