| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. |
| EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. |
| A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935. |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. |
| Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. |
| Techno - Portfolio Management Panel through 2017-11-16 allows SQL Injection via the panel/search.php s parameter. |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. |
| Bus Booking Script 1.0 has SQL Injection via the txtname parameter to admin/index.php. |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. |
| Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. |
