| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. |
| SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. |
| SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. |
| Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. |
| SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. |
| SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. |
| SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. |
| SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. |
| SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter. |
| SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter. |
| SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. |
| SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter. |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. |
| SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter. |
| SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action. |
