| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. |
| ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604. |
| US Zip Codes Database Script 1.0 allows SQL Injection via the state parameter. |
| Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. |
| SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter. |
| SQL injection vulnerability in Cybozu Garoon before 4.2.2. |
| SQL injection vulnerability in Posts.class.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. |
| SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php. |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. |
| Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request. |
| SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php. |
| MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter. |
| A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information. |
| SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater parameter to cheaterbox.php. |
| SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the watupro_questions parameter in a watupro_submit action to wp-admin/admin-ajax.php. |
| The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system. |
| SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the filters array parameter, exploitable by a privileged account. |
| Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
