| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php. |
| An issue was discovered in Advantech WebAccess Version 8.1. To be able to exploit the SQL injection vulnerability, an attacker must supply malformed input to the WebAccess software. Successful attack could result in administrative access to the application and its data files. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
| INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter. |
| SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed. |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. |
| SQL injection vulnerability in framework/core/models/expRecord.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter. |
| FS Freelancer Clone 1.0 has SQL Injection via the profile.php u parameter. |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| Article Directory Script 3.0 allows SQL Injection via the id parameter to author.php or category.php. |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI. |
| Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template. |
| Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in cms/admin.lib.php via $_GET['forwhat'], resulting in Information Disclosure. |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. |
| The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. |
| PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. |
