| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php. |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. |
| Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php. |
| SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter. |
| Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754. |
| SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter. |
| SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. |
| SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. |
| SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. |
| SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action. |
| SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp. |