| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. |
| SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter. |
| phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies. |
| SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action. |
| SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0. |
| SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie. |
| SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. |
| SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. |
| SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. |
| SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. |
| SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. |
| Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. |
