| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. |
| SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters. |
| SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460. |
| SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. |
| Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php. |
| SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074. |
| Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name). |
| Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. |
| SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. |
| SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590. |
| SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. |
| Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. |
| Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php. |
| SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." |
