| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php. |
| Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter. |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. |
| The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action. |
| SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php. |
| The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via the /admin/user_list_backend.php sSortDir_0 parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
| Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter. |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. |
| SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Scripting accessible data as well as unauthorized access to critical data or complete access to all Oracle Scripting accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). |
| TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x before 7.6.1, 7.7.x before 7.7.1, and 7.8.x before 7.8.1 and Spotfire Analytics Platform for AWS Marketplace 7.8.0 and earlier contain multiple vulnerabilities which may allow authorized users to perform SQL injection attacks. |
| SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter. |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. |
| GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter. |
| SQL injection vulnerability in Pragyan CMS 3.0. |