| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in Marinet CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) galleryphoto.php or (2) gallery.php; or the roomid parameter to (3) room.php or (4) room2.php. |
| SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php. |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. |
| Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691. |
| Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
| SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter. |
| SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. |
| Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support. |
| SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. |
| SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query. |
| SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php. |
| SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account. |
| SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin. |
