CVE-2018-13450

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statusbatch parameter...

CVE-2012-1225

Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 memberslist parameter aka Member List in list.php or 2 rowid parameter to adherents/fiche.php...

CVE-2010-4609

SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action...

CVE-2010-5317

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via 1 the filename parameter in an attachment action, 2 the post parameter in a showcomment action, 3 the sys-name parameter in an rssfeed action, or 4 the...

CVE-2013-4945

Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...

CVE-2013-4715

SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2017-11736

SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter...

CVE-2012-4971

Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the 1 reqclass parameter to editrequestenduser.asp; the 2 sysrequestid parameter to editrequestuser.asp; the 3 sysrequestid parameter to enduseractions.asp; the 4 sysrequest...

CVE-2010-1863

SQL injection vulnerability in the shoutbox module modules/shoutbox.php in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the semail parameter...

CVE-2011-5183

Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the whereclause parameter to 1 index.php, 2 indexlong.php, or 3 indexshort.php in ordering/interfacecreator/...

CVE-2011-5076

SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATHINFO to index.php. NOTE: some of these details are obtained from third party information...

CVE-2012-4070

SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...

CVE-2011-5072

Multiple SQL injection vulnerabilities in Support Incident Tracker aka SiT! before 3.65 allow remote attackers to execute arbitrary SQL commands via the 1 start parameter to portal/kb.php; 2 contractid parameter to contractaddservice.php; 3 id parameter to editescalationpath.php; 4 unlock, 5 lock...

CVE-2010-5020

SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter...

CVE-2010-5004

SQL injection vulnerability in searchvote.php in 2daybiz Polls aka Advanced Poll Script allows remote attackers to execute arbitrary SQL commands via the category parameter...

CVE-2010-4969

SQL injection vulnerability in articlesdetails.php in BrotherScripts BS Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2011-4710

Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the 1 pixieuser parameter and 2 Referer HTTP header in a request to the default URI...

CVE-2010-4946

SQL injection vulnerability in productinfo.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the productsid parameter...

CVE-2010-4935

SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter...

CVE-2010-4929

SQL injection vulnerability in the Joostina comezautos component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php...