| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In osTicket before 1.10.1, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php. |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
| Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. |
| In Moodle 2.x and 3.x, SQL injection can occur via user preferences. |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. |
| SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginName field. |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. |
| Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter. |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. |
| PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter. |
| Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972. |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. |
| Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. |
| SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971. |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php |
| Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. |
