| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when performing an advanced search. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php. |
| SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter. |
| SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter. |
| Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execute arbitrary SQL commands via the titlu parameter (title field). NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter. |
| SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action. |
| SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171. |
| SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942. |
| SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
