| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter. |
| Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter. |
| tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php. |
| SLiMS 8 Akasia through 8.3.1 has SQL injection in admin/AJAX_lookup_handler.php (tableName and tableFields parameters), admin/AJAX_check_id.php, and admin/AJAX_vocabolary_control.php. It can be exploited by remote authenticated librarian users. |
| Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461. |
| SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter. |
| The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter. |
| PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter. |
| Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability than CVE-2008-3951, CVE-2009-3497, and CVE-2012-0982. |
| The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action. |
| SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted input. |
| Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter. |
| Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-doifd-download.php or (2) class-doifd-landing-page.php in public/includes/. |
| Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter. |
| AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter. |