| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end. |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id. |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. |
| SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter. |
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). |
| FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. |
| FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. |
| FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter. |
| FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. |
| FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. |
| BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in manifest.json in an uploaded package. This issue exists in core\admin\modules\developer\extensions\install\process.php and core\admin\modules\developer\packages\install\process.php. NOTE: the vendor states "You must implicitly trust any package or extension you install as they all have the ability to write PHP files. |
| FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. |
| EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system. |
| EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. |
| Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php. |