| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. |
| SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. |
| SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action. |
| SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter. |
| SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. |
| SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. |
| SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter. |
| SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action. |
| SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. |
| SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549. |
| SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. |
| SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action. |
| SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie. |
| SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. |
