| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter. |
| Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter. |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter. |
| SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. |
| Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter. |
| SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in LetoDMS (formerly MyDMS) before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. |
| An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The Ecava IntegraXor web server has parameters that are vulnerable to SQL injection. If the queries are not sanitized, the host's database could be subject to read, write, and delete commands. |
| Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter. |
| SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php. |
| Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter. |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. |
| Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter. |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. |
| The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php. |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |
| Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter. |
