| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. |
| FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. |
| FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter. |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. |
| BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files. |
| Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter. |
| NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action. |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
| The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
| The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/batch_manager_unit.php element_ids parameter in unit mode. An attacker can exploit this to gain access to the data in a connected MySQL database. |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/modules/designer/ and the injection is visible at admin/dashboard/vitals-statistics/integrity/check/?external=true. |
| SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection exists in Quest KACE Asset Management Appliance 6.4.120822 through 7.2, Systems Management Appliance 6.4.120822 through 7.2.101, and K1000 as a Service 7.0 through 7.2. |