| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 allows remote attackers to execute arbitrary SQL commands via the program parameter. |
| SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. |
| SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2. |
| Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. |
| Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php. |
| Multiple SQL injection vulnerabilities in Campaign11.exe in Arial Software Campaign Enterprise before 11.0.551 allow remote attackers to execute arbitrary SQL commands via the (1) SerialNumber field to activate.asp or (2) UID field to User-Edit.asp. |
| Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter to gxadmin/login.php. |
| SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. |
| SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. |
| Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php. |
| SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php. |
| SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the "Site Browser > Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter. |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. |
| SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the JSONTags servlet in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the sort parameter. |
| Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php. |
| Blind SQL Injection in wordpress plugin dukapress v2.5.9 |