| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerability in the espcms_web/Search.php component via the attr_array parameter. This vulnerability allows attackers to access sensitive database information. |
| SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain sensitive information via the 'flag' parameter in the component '/coreframe/app/order/admin/index.php'. |
| SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbitrary code via the component "aitecms/login/diy_list.php". |
| SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordAction.php. |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in wordModel.php's getdata function. |
| SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privileges due to loose filtering of parameters in customerAction.php |
| SQL Injection vulnerability in WebPort <=1.19.1 via the new connection, parameter name in type-conn. |
| SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_prefix parameter in install_db.php. |
| SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary code via the "username" parameter in the component "chkuser.php". |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enquiry field found in the Message con_content field. |
| SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic information field found in the avatar usd_image field. |
| PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability in the component search.php via the search parameter. This vulnerability allows attackers to access sensitive database information. |
| ED01-CMS v1.0 was discovered to contain a SQL injection in the component cposts.php via the cid parameter. |
| Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.php via the (1) ad_id, (2) menu_id, and (3) cashout_id parameters, which could let a remote malicious user execute arbitrary code. |
| SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd action in basic.php. |
| SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.php/home/api/shop fBill parameter. |
| SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page if a website uses a PDO connection. |
| SQL Injection Vulnerability in ECTouch v2 via the integral_min parameter in index.php. |
| A lack of filtering for searched keywords in the search bar of YouDianCMS 8.0 allows attackers to perform SQL injection. |
