| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the administration interface. |
| Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow an authenticated user to execute arbitrary SQL commands via multiple parameters to the /cvms-hub/privado/seccionesmib/secciones.xhtml resource. The POST parameters are j_idt118, j_idt120, j_idt122, j_idt124, j_idt126, j_idt128, and j_idt130 under formularioGestionarSecciones:tablaSeccionesMib:*:filter. The GET parameter is nombreAgente. |
| SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action. |
| SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. |
| SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! via the id parameter in a task=getPlacemarkDetails request. |
| SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via a view=events action with a filter_creator or filter_events_cat parameter. |
| SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request. |
| SQL Injection exists in the Timetable Responsive Schedule 1.5 component for Joomla! via a view=event&alias= request. |
| SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request. |
| SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter. |
| SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request. |
| SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. |
| SQL Injection exists in the JEXTN Membership 3.1.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request. |
| SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter. |
| SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request. |
| Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data. |
| SQL Injection in HP Network Operations Management Ultimate, version 2017.07, 2017.11, 2018.02 and in Network Automation, version 10.00, 10.10, 10.11, 10.20, 10.30, 10.40, 10.50. This vulnerability could be remotely exploited to allow Remote SQL Injection. |
| An issue was discovered in Appnitro MachForm before 4.2.3. There is a download.php SQL injection via the q parameter. |
| SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action. |
| SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action. |
