| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. |
| SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter. |
| SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429. |
| SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter. |
| SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter. |
| The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi. |
| The findByCondition function in framework/db/ActiveRecord.php in Yii 2.x before 2.0.15 allows remote attackers to conduct SQL injection attacks via a findOne() or findAll() call, unless a developer recognizes an undocumented need to sanitize array input. |
| SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! via the publicid parameter. |
| SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! via the id parameter. |
| SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! via the publicid parameter. |
| SQL Injection exists in the Saxum Numerology 3.0.4 component for Joomla! via the publicid parameter. |
| A potential security vulnerability has been identified in HPE Device Entitlement Gateway (DEG) v3.2.4, v3.3 and v3.3.1. The vulnerability could be remotely exploited to allow local SQL injection and elevation of privilege. |
| An authenticated SQL injection vulnerability in Aruba ClearPass Policy Manager can lead to privilege escalation. All versions of ClearPass are affected by multiple authenticated SQL injection vulnerabilities. In each case, an authenticated administrative user of any type could exploit this vulnerability to gain access to "appadmin" credentials, leading to complete cluster compromise. Resolution: Fixed in 6.7.6 and 6.6.10-hotfix. |
| SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD. |
| PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term. |
| controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a request with s=member,c=api,m=checktitle, and the parameter 'module' with a SQL statement, lacks effective filtering. |
| Piwigo before 2.9.3 has SQL injection in admin/tags.php in the administration panel, via the tags array parameter in an admin.php?page=tags request. The attacker must be an administrator. |
| SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter. |
| SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter. |
| Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. |
