| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, information in the back-end database. IBM Reference #: 1999543. |
| Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timeline_edit.php or (3) pages/content_timeline_index.php. |
| IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858. |
| Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. |
| PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter. |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. |
| MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating privileges. |
| EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb leading to remote root |
| Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter. |
| Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter. |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. |
| Food Order Script 1.0 has SQL Injection via the /list city parameter. |
| Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter. |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/download.php user input isn't sanitized via the id variable before adding it to the end of an SQL query. |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. |
| IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744 |
| SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database |
| [ERPNext][Frappe Version <= 7.1.27] SQL injection vulnerability in frappe.share.get_users allows remote authenticated users to execute arbitrary SQL commands via the fields parameter. |
