| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. |
| SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page. |
| SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php. |
| SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action. |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. |
| SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter. |
| SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter. |
| SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. |
| SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. |
| SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. |
| SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. |
| Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php. |
| SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter. |
| SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
