| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp. |
| SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. |
| SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. |
| SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter. |
| SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. |
| SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. |
| SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. |
| SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter. |
| SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter. |
