| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id. |
| FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. |
| Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI. |
| FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, tvshow.php s parameter, or show_misc_video.php id parameter. |
| Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter. |
| The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. |
| The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. |
| An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perform SQL injection, as demonstrated by a backslash character at the end of a bean_id to modules/Emails/DetailView.php. An attacker could exploit these vulnerabilities by sending a crafted SQL request to the affected areas. An exploit could allow the attacker to modify the SQL database. Proper SQL escaping has been added to prevent such exploits. |
| FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter. |
| MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter. |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id parameter. |
| FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. |
| Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter. |
| SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 126462. |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
| SQL injection vulnerability in the users data handler in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
