| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter. |
| SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action. |
| SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. |
| SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Multiple SQL injection vulnerabilities in the Welcart e-Commerce plugin 1.3.12 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) changeSort or (2) switch parameter in the usces_itemedit page to wp-admin/admin.php. |
| SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action. |
| SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php. |
| SQL injection vulnerability in question.php in the mTouch Quiz before 3.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the quiz parameter to wp-admin/edit.php. |
| SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter. |
| Multiple SQL injection vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote authenticated users to execute arbitrary SQL commands via unspecified interfaces. |
| Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php. |
| SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
| Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password. |
| SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients module to the default URI. |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. |
