| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. |
| HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function. |
| Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter. |
| In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges). |
| Zomato Clone Script allows SQL Injection via the restaurant-menu.php resid parameter. |
| SQL injection vulnerability in ZCMS 1.1. |
| SQL injection vulnerability vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the host parameter to module/capacity_per_device/index.php. |
| Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. |
| Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user parameter to user/login. |
| SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. |
| SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. |
| SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. |