| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. |
| SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. |
| SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. |
| SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. |
| SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter. |
| SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. |
| SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter. |
| SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. |
| Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754. |
| SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter. |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI. |
| SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie. |
| Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module. |
| SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter. |
| SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
