| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter. |
| SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter. |
| SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action. |
| SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/. |
| Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php. |
| SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edit_room.php. |
| SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action. |
| SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter. |
| Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug function oc-includes/osclass/model/Category.php. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function. |
| SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. |
