| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter. |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter. |
| Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter. |
| An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists. |
| Fiyo CMS 2.0.7 has SQL injection in dapur/apps/app_article/controller/article_list.php via $_GET['cat'], $_GET['user'], $_GET['level'], and $_GET['iSortCol_'.$i]. |
| GLPI before 9.1.5.1 has SQL Injection in the $crit variable in inc/computer_softwareversion.class.php, exploitable via ajax/common.tabs.php. |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. |
| SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php. |
| Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter. |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. |
| SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php. |
| Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit parameter to admin/adminuseredit.php or the log_id parameter to admin/editgroup.php. |
| The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action. |
| Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php. |
| FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter. |
| Event Search Script 1.0 has SQL Injection via the /event-list city parameter. |
| Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter. |
| DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. |
| SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter. |
