| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database. |
| SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read the content database. |
| Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API request to (1) unsubscribe_forum.php or (2) unsubscribe_topic.php in mobiquo/functions/. |
| SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in the com.rim.mdm.ui.server.ImageServlet servlet in BlackBerry Enterprise Server 12 (BES12) Self-Service before 12.4 allow remote attackers to execute arbitrary SQL commands via the imageName parameter to (1) mydevice/client/image, (2) admin/client/image, (3) myapps/client/image, (4) ssam/client/image, or (5) all/client/image. |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. |
| SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1976805. |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. |
| Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and attendees.php code do not sanitize input, this allows for blind SQL injection via the event parameter. |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in survey_form.php does not sanitize the action variable before placing it inside of an SQL query. |
| Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. |
| Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, The function edit_event_category does not sanitize user-supplied input via the $id parameter before passing it into an SQL statement. |
| Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The variable $delid isn't sanitized before being passed into an SQL query in file ./rk-responsive-contact-form/include/rk_user_list.php. |
| Vulnerability in wordpress plugin wordpress-gallery-transformation v1.0, SQL injection is in ./wordpress-gallery-transformation/gallery.php via $jpic parameter being unsanitized before being passed into an SQL query. |