| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter. |
| SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. |
| SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. |
| SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. |
| SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. |
| SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter. |
| SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. |
| SQL injection vulnerability in default.asp in sHibby sHop 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. |
| SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. |
| Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php. |
| SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter. |
| SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action. |
| SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter. |
| SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter. |
| SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3. |
| SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter. |
| SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
