| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action. |
| SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter. |
| SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. |
| Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. |
| SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. |
| SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. |
| Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. |
| SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. |
| SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. |
| SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. |
| Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected. |
| SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action. |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. |
