| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter. |
| Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php. |
| SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. |
| SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php. |
| SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action. |
| SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action. |
| SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. |
| SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. |
| Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details are obtained from third party information. NOTE: the password vector might not be vulnerable. |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. |
| SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method. |
| SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. |
| SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php. |