CVE-2010-4842

SQL injection vulnerability in admin/login.php in MHP DownloadScript aka MH Products Download Center 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information...

CVE-2010-4839

SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the eventid parameter in a register action...

CVE-2010-1089

SQL injection vulnerability in vedifaq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2010-1075

SQL injection vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to execute arbitrary SQL commands via the subj parameter...

CVE-2010-4632

Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the 1 article parameter to kb.asp, 2 specific parameter to cart.asp, 3 countrycode parameter to contact.asp, and the 4 srch parameter to search.asp. NOTE: the article...

CVE-2010-1016

SQL injection vulnerability in the SAV Filter Selectors savfilterselectors extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-9520

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter...

CVE-2015-9226

Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the 1 checkdownload and possibly 2 checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...

CVE-2014-8306

SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the 1 itemid0 or 2 itemid parameter...

CVE-2010-4503

SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action...

CVE-2015-1364

SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/...

CVE-2010-4404

SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2010-3428

SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a category action...

CVE-2014-4938

SQL injection vulnerability in the WP Rss Poster wp-rss-poster plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php...

CVE-2014-3935

SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter...

CVE-2010-2689

SQL injection vulnerability in contform.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cfid parameter...

CVE-2012-3032

SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message...

CVE-2013-6875

SQL injection vulnerability in functions/prependadm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php...

CVE-2011-5071

Multiple SQL injection vulnerabilities in Support Incident Tracker aka SiT! before 3.64 allow remote attackers to execute arbitrary SQL commands via the 1 exc parameter to reportmarketing.php, 2 selected parameter to tasks.php, 3 sites parameter to billableincidents.php, or 4 searchstring paramet...

CVE-2010-2342

SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...