| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action. |
| SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter. |
| SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. |
| SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters. |
| SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter. |
| SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. |
| SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter. |
| SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admincp/image.php. |
| SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
