| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected. |
| In NOKIA NFM-T R19.9, a SQL Injection vulnerability occurs in /cgi-bin/R19.9/easy1350.pl of the VM Manager WebUI via the id or host HTTP GET parameter. An authenticated attacker is required for exploitation. |
| In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occurs. Exploitation requires an authenticated attacker. Through the injection of arbitrary SQL statements, a potential authenticated attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. |
| AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. |
| ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. |
| Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf. |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf. |
| SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. |
| SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf. |
| Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. |
| Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. |
| Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. The project has released an update, please upgrade to v1.9.0 and above. |
| Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. |
| Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. |
| Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. |
