| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. |
| SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. |
| SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. |
| SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain. |
| SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query. |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. |
| Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819. |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter. |
| SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php. |
| SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter. |
| SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. |
| SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action. |
| SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter. |