| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| GLPI before 9.1.5.1 has SQL Injection in the condition rule field, exploitable via front/rulesengine.test.php. |
| IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 125719. |
| INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. |
| SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter. |
| An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. |
| A SQL injection vulnerability exists in the BIG-IP AFM management UI on versions 12.0.0, 12.1.0, 12.1.1, 12.1.2 and 13.0.0 that may allow a copy of the firewall rules to be tampered with and impact the Configuration Utility until there is a resync of the rules. Traffic processing and the live firewall rules in use are not affected. |
| In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. |
| FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. |
| FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter. |
| Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter. |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| Advance B2B Script 2.1.3 has SQL Injection via the tradeshow-list-detail.php show_id or view-product.php pid parameter. |
| Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the booker_details.php sourcebus parameter. |
| CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail. |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123297. |
| Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter. |
| Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter to /job. |
