| CVE | Vendors | Products | Updated | CVSS v3.1 |
| In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET. |
| Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in user/index.php (search_supervisor and search_statut parameters). |
| PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category. |
| SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters. |
| The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php. |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. |
| Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) display_name parameter. |
| A vulnerability in the web framework code for the SQL database interface of the Cisco Prime Collaboration Provisioning application could allow an authenticated, remote attacker to impact the confidentiality and integrity of the application by executing arbitrary SQL queries, aka SQL Injection. The attacker could read or write information from the SQL database. The vulnerability is due to a lack of proper validation on user-supplied input within SQL queries. An attacker could exploit this vulnerability by sending crafted URLs that contain malicious SQL statements to the affected application. An exploit could allow the attacker to determine the presence of certain values and write malicious input in the SQL database. The attacker would need to have valid user credentials. This vulnerability affects Cisco Prime Collaboration Provisioning Software Releases prior to 12.3. Cisco Bug IDs: CSCvf47935. |
| Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. |
| FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. |
| Event Search Script 1.0 has SQL Injection via the /event-list city parameter. |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter. |
| SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter. |
| IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. |
| SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Multiple SQL injection vulnerabilities in SmartCMS v.2. |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. |