| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter. |
| SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch action to wp-admin/admin-ajax.php. |
| SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php. |
| Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. |
| SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a gb_ajax_get_group action to wp-admin/admin-ajax.php. |
| SQL injection vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) 6.2.x, 6.3.x before 6.3.6, and 6.4.x before 6.4.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php. |
| SQL injection vulnerability in Php/Functions/log_function.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header. |
| SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. |
| SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter. |
| SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. |
| SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. |
| SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to execute arbitrary SQL commands via the srch_txt parameter in a "the_search_text" action to wp-admin/admin-ajax.php. |
| Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlySurvey.aspx or (2) remote authenticated users to execute arbitrary SQL commands via the SurveyID parameter to survey/UploadImagePopupToDb.aspx. |
| Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) uid parameter in an add_friend action to ajax.php; id parameter in a (2) share_object, (3) add_to_fav, (4) rating, or (5) flag_object action to ajax.php; cid parameter in an (6) add_new_item, (7) remove_collection_item, (8) get_item, or (9) load_more_items action to ajax.php; (10) ci_id parameter in a get_item action to ajax.php; user parameter to (11) user_contacts.php or (12) view_channel.php; (13) pid parameter to view_page.php; (14) tid parameter to view_topic.php; or (15) v parameter to watch_video.php. |
| SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in clientreport.php in the management console in Symantec Web Gateway (SWG) before 5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) GetClientPackage.aspx or (2) GetProcessedPackage.aspx. |
| SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary SQL commands via the ANDOR parameter, as demonstrated by a request to STATE_ID/1425543888647/SQLAdvancedALSearchResult.cc. |
