| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in interface/de_identification_forms/find_immunization_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. |
| Multiple SQL injection vulnerabilities in portal/add_edit_event_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) eid, (2) userid, or (3) pid parameter. |
| SQL injection vulnerability in interface/de_identification_forms/find_drug_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the search_term parameter. |
| Multiple SQL injection vulnerabilities in portal/find_appt_popup_user.php in versions of OpenEMR before 5.0.1.4 allow a remote attacker to execute arbitrary SQL commands via the (1) catid or (2) providerid parameter. |
| An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.address.php has SQL Injection via the numPerPage parameter. |
| An issue was discovered in EMLsoft 5.4.5. upload\eml\action\action.user.php has SQL Injection via the numPerPage parameter. |
| dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. |
| CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws. An attacker can inject malicious queries into the application and obtain sensitive information. |
| An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp and /references/refbranu.jsp is mishandled before being used in SQL queries, allowing SQL injection with an authenticated session. |
| A SQL injection flaw was found in katello's errata-related API. An authenticated remote attacker can craft input data to force a malformed SQL query to the backend database, which will leak internal IDs. This is issue is related to an incomplete fix for CVE-2016-3072. Version 3.10 and older is vulnerable. |
| The CWJoomla CW Article Attachments PRO extension before 2.0.7 and CW Article Attachments FREE extension before 1.0.6 for Joomla! allow SQL Injection within download.php. |
| A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter. |
| controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters. |
| manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demonstrated by crafted POST data beginning with an "m_id=1 AND SLEEP(5)" substring. |
| An issue was discovered in WUZHI CMS 4.1.0. The vulnerable file is coreframe/app/order/admin/goods.php. The $keywords parameter is taken directly into execution without any filtering, leading to SQL injection. |
| An issue was discovered in cckevincyh SSH CompanyWebsite through 2018-05-03. SQL injection exists via the admin/noticeManageAction_queryNotice.action noticeInfo parameter. |
| In Msvod Cms v10, SQL Injection exists via an images/lists?cid= URI. |
| joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter. |
| The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. |
