| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Simple POS 4.0.24 allows SQL Injection via a products/get_products/ columns[0][search][value] parameter in the management panel, as demonstrated by products/get_products/1. |
| An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/proxy/php.php and /pages/proxy/add.php can be exploited via specially crafted input, allowing an attacker to obtain information from a database. The vulnerability can only be triggered by an authorized user. |
| admin/Lib/Action/FpluginAction.class.php in FDCMS (aka Fangfa Content Manage System) 4.2 allows SQL Injection. |
| UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter. |
| postgresql before versions 11.1, 10.6 is vulnerable to a to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privileges. |
| SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter. |
| An issue was discovered in Dolibarr through 7.0.0. expensereport/card.php in the expense reports module allows SQL injection via the integer parameters qty and value_unit. |
| In CIMTechniques CIMScan 6.x through 6.2, the SOAP WSDL parser allows attackers to execute SQL code. |
| FUEL CMS 1.4.1 allows SQL Injection via the layout, published, or search_term parameter to pages/items. |
| An issue is discovered in baijiacms V4. Blind SQL Injection exists via the order parameter in an index.php?act=index request. |
| An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for the further privilege elevation. |
| An issue was discovered in SeaCMS through 6.61. SQL injection exists via the tid parameter in an adm1n/admin_topic_vod.php request. |
| Gxlcms 2.0 before bug fix 20180915 has SQL Injection exploitable by an administrator. |
| BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login. |
| Vanilla before 2.6.1 allows SQL injection via an invitationID array to /profile/deleteInvitation, related to applications/dashboard/models/class.invitationmodel.php and applications/dashboard/controllers/class.profilecontroller.php. |
| e107_admin/banlist.php in e107 2.1.8 allows SQL injection via the old_ip parameter. |
| ThinkPHP before 5.1.23 allows SQL Injection via the public/index/index/test/index query string. |
| A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/Cms/search order parameter. |
| An issue was discovered in PbootCMS. There is a SQL injection via the api.php/List/index order parameter. |
