| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter. |
| SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. |
| SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values. |
| SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. |
| SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. |
| Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/. |
| SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. |
| SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter. |
| SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. |
| Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. |
