| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php. |
| SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. |
| SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. |
| SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter. |
| Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action. |
| SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter. |
| SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate. |
| SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647. |
| Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to execute arbitrary SQL commands via the (1) f, (2) l, or (3) n parameter, aka Bug ID CSCtj42064. |
| SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. |
