| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. |
| SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. |
| SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header. |
| SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action. |
| Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. |
| SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action. |
| SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. |
| SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. |
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. |
| SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. |
| SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected. |
| Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. |
| Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. |
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. |
| SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. |
| SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures." |
| SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
