| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. |
| Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. |
| Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. |
| Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php. |
| SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field. |
| SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username. |
| SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter. |
| Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. |
| SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. |
| SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php. |
| SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter. |
| SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters. |
| SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter. |
| SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
