| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action. |
| SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. |
| SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php. |
| SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter. |
| SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. |
| SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php. |
| Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter. |
| SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter. |
| SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. |
| SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter. |
| SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter. |
| Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php. |
| Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
