| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element. |
| EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL injection vulnerabilities. A remote authenticated attacker may potentially exploit these vulnerabilities to gain information about the application by causing execution of arbitrary SQL commands. |
| SQL injection vulnerability in ZCMS 1.1. |
| SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. |
| Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. |
| SQL injection vulnerability in Sefrengo before 1.6.5 beta2. |
| Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter. |
| Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. |
| Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. |
| Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525. |
| Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing. |
| PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter. |
| PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter. |
| Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter. |
| FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to tutorial/. |
| TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php. |
| Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter. |
| e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function. |
| Yoga Class Script 1.0 has SQL Injection via the /list city parameter. |
| A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database. |
