13176 matches found
CVE-2020-24769
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2020-20295
An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...
CVE-2020-19821
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...
CVE-2014-3934
SQL injection vulnerability in the SubmitNews module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics parameter to modules.php...
CVE-2014-100035
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-9102
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics parameter in an unfavorite action to index.php...
CVE-2014-9240
SQL injection vulnerability in member.php in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the questionid parameter in a doregister action...
CVE-2014-9097
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php ...
CVE-2014-2317
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...
CVE-2014-4850
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...
CVE-2014-8999
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB aka MyBulletinBoard before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) dosearch action to search.php or (2) dostuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-1918
SQL injection vulnerability in askchat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatroomsID parameter...
CVE-2010-2015
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a viewinbox action to cp/cpmessages.php or (2) the id parameter to cp/editemail.php...
CVE-2010-2673
SQL injection vulnerability in profileview.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-2683
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the subcatid parameter...
CVE-2010-2577
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php...
CVE-2010-4365
SQL injection vulnerability in JE Ajax Event Calendar comjeajaxeventcalendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventid parameter in an alleventlistmore action to index.php...
CVE-2010-4614
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723...