| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO. |
| Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch. |
| Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter. |
| SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter. |
| Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php. |
| SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646. |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php. |
| Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. |
| SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page. |
| SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter. |
| SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter. |
