CVE-2011-4949

SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/withdb/loaddetails.php in EGroupware Enterprise Line EPL before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2013-5091

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559...

CVE-2013-4827

SQL injection vulnerability in HP Intelligent Management Center iMC and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZDI-CAN-1664...

CVE-2014-9457

SQL injection vulnerability in classes/monodisplay.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php...

CVE-2014-9435

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the 1 sectionID parameter to admin/managersection.php, 2 userID parameter to admin/edituser.php, 3 username parameter to admin/admin.php, or 4 title parameter to...

CVE-2011-5272

SQL injection vulnerability in Domain Technologie Control DTC before 0.34.1 allows remote authenticated users to execute arbitrary SQL commands via the vpsnote parameter to dtcadmin/logPushlet.php. NOTE: this issue was originally part of CVE-2011-3197, but that ID was SPLIT due to different...

CVE-2013-3536

SQL injection vulnerability in the gpLoadUserFromHash function in functionshash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter...

CVE-2010-4897

SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action...

CVE-2010-4876

SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter...

CVE-2010-4842

SQL injection vulnerability in admin/login.php in MHP DownloadScript aka MH Products Download Center 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4839

SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the eventid parameter in a register action...

CVE-2014-3935

SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter...

CVE-2009-2128

SQL injection vulnerability in closebug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title aka subject field...

CVE-2009-4970

SQL injection vulnerability in the t3maffiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2009-1909

SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2008-3754

SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2009-4296

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2009-3226

SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manwrepl addform action. NOTE: some of these details are obtained from third...

CVE-2025-46052

An error-based SQL Injection SQLi vulnerability in WebERP v4.15.2 allows attackers to execute arbitrary SQL command and extract sensitive data by injecting a crafted payload into the DEL form field in a POST request to /StockCounts.php...

CVE-2025-28076

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.4 and CO2Scope = 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the 1 timeago, 2 user, 3 filter, 4 target, 5 p1, 6 p2, 7 p3, 8 p4, 9 p5, 10 p6, 11 p7, 12 p8, 13 p9, 14 p10, 15 p11, 16 p12, 17 p13, ...