Search Results (17093 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25034 1 Fireeye 2 Email Malware Protection System, Ex 3500 2024-11-21 6.5 Medium
eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL injection attacks via the sort, sort_by, search[URL], or search[attachment] parameter to the email search feature.
CVE-2020-25006 1 Heybbs Project 1 Heybbs 2024-11-21 9.8 Critical
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code.
CVE-2020-25005 1 Heybbs Project 1 Heybbs 2024-11-21 9.8 Critical
Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
CVE-2020-25004 1 Heybbs Project 1 Heybbs 2024-11-21 9.8 Critical
Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow a remote attacker to execute arbitrary code.
CVE-2020-24950 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 8.8 High
SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items.
CVE-2020-24932 1 Sourcecodester 1 Complaint Management System 2024-11-21 9.8 Critical
An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php.
CVE-2020-24913 1 Qcubed 1 Qcubed 2024-11-21 9.8 Critical
A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQuery parameter allows an unauthenticated attacker to access the database by injecting SQL code via a crafted POST request.
CVE-2020-24877 1 Zzzcms 1 Zzzphp 2024-11-21 9.8 Critical
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
CVE-2020-24862 1 Pharmacy Medical Store And Sale Point Project 1 Pharmacy Medical Store And Sale Point 2024-11-21 7.5 High
The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases.
CVE-2020-24841 1 Sdg 1 Pnpscada 2024-11-21 9.8 Critical
PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2020-24791 1 Thedaylightstudio 1 Fuel Cms 2024-11-21 9.8 Critical
FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
CVE-2020-24770 1 Nexusphp 1 Nexusphp 2024-11-21 9.8 Critical
SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2020-24769 1 Nexusphp 1 Nexusphp 2024-11-21 9.8 Critical
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
CVE-2020-24673 1 Abb 2 Symphony + Historian, Symphony + Operations 2024-11-21 9.8 Critical
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
CVE-2020-24671 1 Tracefinanacial 1 Crestbridge 2024-11-21 8.8 High
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVE-2020-24667 1 Tracefinanacial 1 Crestbridge 2024-11-21 8.8 High
Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which was fixed in 6.3.0.03.
CVE-2020-24623 1 Hpe 1 Universal Api Framework 2024-11-21 6.5 Medium
A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware ESXi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).
CVE-2020-24617 1 Mailtrain 1 Mailtrain 2024-11-21 8.8 High
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped.
CVE-2020-24593 1 Mitel 1 Micloud Management Portal 2024-11-21 7.2 High
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
CVE-2020-24569 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 4.3 Medium
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information.