| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798. |
| SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter. |
| SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099. |
| SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php. |
| SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 component for Joomla! via the pin_id or user_id parameter in a task=getlikeinfo action, the ends parameter in a view=gift action, the category parameter in a view=home action, the uid parameter in a view=pindisplay action, the searchVal parameter in a view=search action, or the uid parameter in a view=likes action. |
| SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php. |
| SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request. |
| SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI. |
| SQL Injection exists in the JquickContact 1.3.2.2.1 component for Joomla! via a task=refresh&sid= request. |
| SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request. |
| SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter. |
| SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action. |
| SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field. |
| SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field. |
| SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request. |
| Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 via function/account.php, as demonstrated by modifying the admin password. |
| SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! via the shoutauthor parameter to the archive URI. |
| SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter. |
| SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter. |
| SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI. |
