| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter. |
| SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter. |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). |
| SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter). |
| SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. |
| SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. |
| Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. |
| SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. |
| SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field. |
| Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. |
| SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. |
| SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. |
| SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
