| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php. |
| SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. |
| SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. |
| SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter. |
| Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. |
| actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing WHERE clauses via a crafted request that leverages (1) third-party Rack middleware or (2) custom Rack middleware. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-0155. |
| Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. |
| SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. |
| SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp. |
| Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. |
| SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used, allows remote attackers to execute arbitrary SQL commands via a crafted string in a PostGIS TIME filter. |
| Multiple SQL injection vulnerabilities in sam/admin/reports/php/saveSettings.php in the (1) APM WebGUI in F5 BIG-IP LTM, GTM, ASM, Link Controller, PSM, APM, Edge Gateway, and Analytics and (2) AVR WebGUI in WebAccelerator and WOM 11.2.x before 11.2.0-HF3 and 11.2.x before 11.2.1-HF3 allow remote authenticated users to execute arbitrary SQL commands via the defaultQuery parameter. |
| SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege. |
| Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Approvals/ in Request Tracker (RT) 4.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the ShowPending parameter. NOTE: the vendor disputes this issue, stating "We were unable to replicate it, and the individual that reported it retracted their report," and "we had verified that the claimed exploit did not function according to the author's claims. |
