MyStyle Custom Product Designer <= 3.21.1 - SQL Injection

The MyStyle Custom Product Designer plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.21.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated...

CVE-2019-25755

CVE-2019-25755 details: Joomla Component vReview 1.9.11 has an SQL injection in the editReview task via the cmId parameter. Unauthenticated attackers can send POST requests with URL-encoded SQL UNION payloads to extract database data (usernames, passwords, versions). Impact per sources is high (C...

CVE-2019-25754 Joomla vRestaurant 1.9.4 SQL Injection via menu-listing-layout

Joomla Component vRestaurant 1.9.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keysearch parameter. Attackers can send POST requests to the menu-listing-layout endpoint with crafted SQL...

EUVD-2019-20189

Joomla! Component VMap 1.9.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the latlngbound parameter. Attackers can send GET requests to index.php with the option=comvmap&task=loadmarker parameters...

CVE-2017-20279

Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the makepayment task to extract sensitive...

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVE-2019-25748

Joomla JHotelReservation 6.0.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the rooms parameter. Attackers can send POST requests to the search-hotels endpoint with crafted SQL payloads in the...

CVE-2019-25751

CVE-2019-25751 affects Joomla’s J-ClassifiedsManager component, version 3.0.5. The vulnerability is an SQL injection in the displayads flow that does not require authentication. An attacker can inject malicious SQL through POST parameters, specifically categorySearch, adType, and citySearch, to e...

CVE-2019-25748

CVE-2019-25748 affects Joomla JHotelReservation 6.0.7. The issue is an SQL injection in the rooms parameter of the search-hotels endpoint, allowing unauthenticated attackers to send crafted SQL payloads via POST requests to extract sensitive data (e.g., database version details). Documented CVSS:...

CVE-2017-20282 Joomla! Component jCart for OpenCart 2.0 SQL Injection

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVE-2017-20282

Joomla! Component jCart for OpenCart 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the productid parameter. Attackers can send GET requests to index.php with the option=comjcart&route=product/product...

CVE-2017-20281

Joomla! Component Extra Search 2.2.8 contains an SQL injection vulnerability in the establename parameter (index.php?option=com_extrasearch). The issue allows unauthenticated attackers to manipulate database queries and extract sensitive information. Evidence in CVE records and AttackerKB confirm...

EUVD-2017-19005

Joomla Component JoomRecipe 1.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the category parameter. Attackers can send GET requests to the all-recipes endpoint with malicious SQL payloads in the...

EUVD-2017-19004

Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the searchauthor parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques...

CVE-2017-20275

CVE-2017-20275 affects Joomla! Component PHP-Bridge 1.2.3. The vulnerability is an SQL injection in the id parameter of index.php when using option=com_phpbridge&view=phpview, allowing unauthenticated attackers to execute arbitrary SQL and extract database metadata (e.g., table and column names)....

CVE-2017-20253

Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari parameter. Attackers can craft requests to the component endpoint with SQL injection payloads to extrac...

CVE-2017-20269 Joomla! Component KissGallery 1.0.0 SQL Injection

Joomla! Component KissGallery 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the component URL path. Attackers can supply malicious SQL code in the kissgallery endpoint to execute arbitrary database queries and extract sensitive...

EUVD-2017-18992

Joomla! Component Flip Wall 8.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the wallid parameter. Attackers can send GET requests to index.php with the option=comflipwall&task=click&wallid...

EUVD-2017-18990

Joomla! Component FocalPoint Pro/Free 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=comfocalpoint, view=location, a...

CVE-2017-20263

CVE-2017-20263 affects Joomla! FocalPoint Pro/Free 1.2.3. An SQL injection vulnerability exists in the location view when processing the id parameter, allowing unauthenticated attackers to inject SQL via HTTP GET to index.php with option=com_focalpoint, view=location, and crafted id values to exf...