| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter. |
| PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter. |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input |
| Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the PATH_INFO to the /p URI. |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. |
| Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter. |
| IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Reference #: 1992067. |
| The Configuration component of Piwigo 2.9.2 is vulnerable to SQL Injection via the admin/configuration.php order_by array parameter. An attacker can exploit this to gain access to the data in a connected MySQL database. |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. |
| Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. |
| Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData. |
| A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id. |
| Basic B2B Script allows SQL Injection via the product_view1.php pid or id parameter. |
| CPA Lead Reward Script allows SQL Injection via the username parameter. |
| SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. |
| The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. |
| A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935. |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
