| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter. |
| SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter. |
| SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php. |
| SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. |
| Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266. |
| SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. |
| SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604. |
| SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter. |
| SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/. |
| Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579. |
| SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. |
| SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. |
| Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action. |
