| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL Execution" issue. |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. |
| SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter. |
| SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. |
| SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. |
| SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php. |
| Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. |
| SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter. |
| SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. |
| SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/. |
| SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php. |
