| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. |
| SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. |
| SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request. |
| SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter. |
| SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object. |
| Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. |
| SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7297. |
| Multiple SQL injection vulnerabilities in the Wysija Newsletters plugin before 2.2.1 for WordPress allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search or (2) orderby parameter to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands. |
| Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. |
| SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. |
| SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. |
| SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash. |
| SQL injection vulnerability in ATCOM Netvolution 3 allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter. |
| SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly handled by plugins/useradmin/fingeruser.php. |
| SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified fields. |
| Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. |
| Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. |
