| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. |
| SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. |
| SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. |
| SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. |
| Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters. |
| SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter. |
| SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. |
| SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. |
| Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. |
| SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. |
| SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413. |
| SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information. |