| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action. |
| SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. |
| SQL injection vulnerability in directory.php in Sites for Scripts (SFS) EZ Home Business Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. |
| SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
| SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. |
| SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. |
| SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. |
| SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action. |
| SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI. |
| SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. |
| SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. |
| SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. |
| SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. |
| Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp. |