CVE-2010-4166

Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via 1 the filterorder parameter in a comweblinks category action to index.php, 2 the filterorderDir parameter in a comweblinks category action to index.php, or 3 the...

CVE-2012-3471

Multiple SQL injection vulnerabilities in the edit functions in 1 application/controllers/admin/reports.php and 2 application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id...

CVE-2012-5874

Multiple SQL injection vulnerabilities in the 1 updatewhosonlinereg and 2 updatewhosonlineguest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATHINFO to a checkuser.php, b groups.php, c index.php, d login.php, e quicklogin.php, f...

CVE-2012-5317

SQL injection vulnerability in mainbigware43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action...

CVE-2012-6504

SQL injection vulnerability in mods/hours/data/gethours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2012-2740

SQL injection vulnerability in publichtml/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action...

CVE-2012-4237

Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subjectmoduleid parameter to 1 tceeditanswer.php or 2 tceeditquestion.php...

CVE-2012-4258

Multiple SQL injection vulnerabilities in MYRE Real Estate Software 2012 Q2 allow remote attackers to execute arbitrary SQL commands via the 1 linkidd parameter to 1mobile/listings.php or 2 userid parameter to 1mobile/agentprofile.php...

CVE-2012-0999

SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...

CVE-2013-3578

SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server ERAS allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter aka the search field, leading to execution of operating-system...

CVE-2013-5967

Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management OSSIM 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the datefrom parameter to 1 radar-iso27001-potential.php, 2 radar-iso27001-A12ISacquisition-pot.php, 3...

CVE-2013-5311

Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to 1 browsevideos.php or 2 members.php. NOTE: the cat parameter is already covered by CVE-2008-4157...

CVE-2013-1748

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 edit.php or 2 import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...

CVE-2013-4952

SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2017-9449

SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...

CVE-2019-14313

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php...

CVE-2011-2181

Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...

CVE-2015-1479

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter...

CVE-2015-1616

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors...

CVE-2015-2242

Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the 1 termid or 2 nyelvid parameter to index.php...