| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in fanzila WebFinance 0.5. It has been classified as critical. Affected is an unknown function of the file htdocs/admin/save_roles.php. The manipulation of the argument id leads to sql injection. The name of the patch is 6cfeb2f6b35c1b3a7320add07cd0493e4f752af3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-220056. |
| A vulnerability was found in fanzila WebFinance 0.5 and classified as critical. This issue affects some unknown processing of the file htdocs/admin/save_taxes.php. The manipulation of the argument id leads to sql injection. The patch is named 306f170ca2a8203ae3d8f51fb219ba9e05b945e1. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-220055. |
| A vulnerability has been found in fanzila WebFinance 0.5 and classified as critical. This vulnerability affects unknown code of the file htdocs/admin/save_Contract_Signer_Role.php. The manipulation of the argument n/v leads to sql injection. The patch is identified as abad81af614a9ceef3f29ab22ca6bae517619e06. It is recommended to apply a patch to fix this issue. VDB-220054 is the identifier assigned to this vulnerability. |
| A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection. Upgrading to version 1.39 is able to address this issue. The name of the patch is a5456633ff75e8f13705974c7ed1ce77f3f142d5. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218428. |
| A vulnerability, which was classified as critical, was found in antonbolling clan7ups. Affected is an unknown function of the component Login/Session. The manipulation leads to sql injection. The name of the patch is 25afad571c488291033958d845830ba0a1710764. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218388. |
| A vulnerability was found in aeharding classroom-engagement-system and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to sql injection. The attack may be launched remotely. The name of the patch is 096de5815c7b414e7339f3439522a446098fb73a. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-218156. |
| A vulnerability was found in DrAzraelTod pyChao and classified as critical. Affected by this issue is the function klauen/lesen of the file mod_fun/__init__.py. The manipulation leads to sql injection. The patch is identified as 9d8adbc07c384ba51c2583ce0819c9abb77dc648. It is recommended to apply a patch to fix this issue. VDB-217634 is the identifier assigned to this vulnerability. |
| The sharebar plugin before 1.2.2 for WordPress has SQL injection. |
| BabyGekko before 1.2.4 has SQL injection. |
| contao prior to 2.11.4 has a sql injection vulnerability |
| IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to multiple scripts, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 78282. |
| Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allow remote attackers to execute arbitrary SQL commands via the (1) addip parameter to cgi-bin/scrut_fa_exclusions.cgi, (2) getPermissionsAndPreferences parameter to cgi-bin/login.cgi, or (3) possibly certain parameters to d4d/alarms.php as demonstrated by the search_str parameter. |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |
| A vulnerability was found in HD FLV PLayer Plugin up to 1.7 on WordPress. It has been rated as critical. Affected by this issue is the function hd_add_media/hd_update_media of the file functions.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. Upgrading to version 1.8 is able to address this issue. The patch is identified as 34d66b9f3231a0e2dc0e536a6fe615d736e863f7. It is recommended to upgrade the affected component. VDB-225350 is the identifier assigned to this vulnerability. |
| A vulnerability was found in 404like Plugin up to 1.0.2 on WordPress. It has been classified as critical. Affected is the function checkPage of the file 404Like.php. The manipulation of the argument searchWord leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 1.0.2 is able to address this issue. The name of the patch is 2c4b589d27554910ab1fd104ddbec9331b540f7f. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-223404. |
| Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filter bypass. |
| An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011. |
| Jara 1.6 has a SQL injection vulnerability. |
| The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. |
| It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input. |
