| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. |
| classes\controller\admin\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators. |
| FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. |
| A vulnerability in the sponsor portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access notices owned by other users, because of SQL Injection. More Information: CSCvb15627. Known Affected Releases: 1.4(0.908). |
| Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter. |
| SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an activate_address address controller action, (2) title parameter in a show blog controller action, or (3) content_id parameter in a showComments expComment controller action. |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. |
| FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. |
| FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords parameter. |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. |
| FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter. |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. |
| Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter. |
| In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. |
| SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. |
