| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_password action in sources/main.queries.php; iDisplayStart parameter to (3) datatable.logs.php or (4) a file in source/datatable/; or iDisplayLength parameter to (5) datatable.logs.php or (6) a file in source/datatable/; or allow remote authenticated users to execute arbitrary SQL commands via a sSortDir_ parameter to (7) datatable.logs.php or (8) a file in source/datatable/. |
| SQL injection vulnerability in the host_new_graphs function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via the cg_g parameter in a save action. |
| SQL injection vulnerability in the LTree converter in Pomm before 1.1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting. |
| SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi. |
| SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, and 9.x before 9.1.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) content_type or (2) subtype parameter. |
| SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter. |
| SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_directory. |
| Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a contacts action, (3) dept_id parameter in a departments action, (4) project_id[] parameter in a project action, or (5) company_id parameter in a system action to index.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. |
| SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. |
| SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php. |
| SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call. |
| SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. |
| Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2) subadminmgt edit action or (3) cid parameter in an editcurrency action to admin/. |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. |
| SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, 1.6, and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the playid parameter to index.php. |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
