| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. |
| SQL injection vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to execute arbitrary SQL commands via the graph parameter to module/capacity_per_label/index.php. |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. |
| FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. |
| FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. |
| FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. |
| Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter. |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |
| Event Search Script 1.0 has SQL Injection via the /event-list city parameter. |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
| Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter. |
| Professional Service Script 1.0 has SQL Injection via the service-list city parameter. |
| Readymade Video Sharing Script 3.2 has SQL Injection via the single-video-detail.php report_videos array parameter. |
| Single Theater Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter. |
| MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter. |
| Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. |