| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. |
| SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/. |
| The "Smart related articles" extension 1.1 for Joomla! has SQL injection in dialog.php (attacker must use search_cats variable in POST method to exploit this vulnerability). |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. |
| WPHRM Human Resource Management System for WordPress 1.0 allows SQL Injection via the employee_id parameter. |
| Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. |
| Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password. |
| FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function). |
| An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. The SoftCMS Application does not properly sanitize input that may allow a remote attacker access to SoftCMS with administrator's privilege through specially crafted input (SQL INJECTION). |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id parameter to group.php, the (3) status_id parameter to status.php, the (4) resolution_id parameter to resolution.php, the (5) severity_id parameter to severity.php, the (6) priority_id parameter to priority.php, the (7) os_id parameter to os.php, or the (8) site_id parameter to site.php. |
| Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. |
| SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime before 1.6.29 and 1.7.x before 1.7.7; and Ops Manager 1.7.x before 1.7.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter. |
| Multiple SQL injection vulnerabilities in SmartCMS v.2. |
| SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action. |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. |
