| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. |
| SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
| Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter. |
| Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. |
| Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. |
| OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xAdmin/html/cm_doclist_view_uc.jsp, parameter: documentId. In order for this vulnerability to be exploited, an attacker must authenticate to the application first. |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. |
| Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. |
| Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. |
| SQL injection vulnerability in core services in Intel Security McAfee ePolicy Orchestrator (ePO) 5.3.2 and earlier and 5.1.3 and earlier allows attackers to alter a SQL query, which can result in disclosure of information within the database or impersonation of an agent without authentication via a specially crafted HTTP post. |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. |