| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. |
| SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter. |
| SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. |
| SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. |
| SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter. |
| Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889. |
| Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component. |
| SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. |
| SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action. |
| SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions |
| SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683. |
| SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
| SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). |
| Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information. |
