16790 matches found
CVE-2008-6802
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the 1 Username and 2 Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2019-18662
An issue was discovered in YouPHPTube through 7.7. User input passed through the livestreamcode POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized in getFromChat in plugin/LiveChat/Objects/LiveChatObj.php before being used to construct a SQL query. This can be exploited...
CVE-2019-18890
A SQL injection vulnerability in Redmine through 3.2.9 and 3.3.x before 3.3.10 allows Redmine users to access protected information via a crafted object query...
CVE-2019-2196
In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-135269143...
CVE-2019-11975
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11984
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11977
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11362
app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL injection via the Post:doReward score paramter, as demonstrated by the /do/reward/3 URI...
CVE-2019-11614
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/views/ajax/commentView.php. A remote unauthorized attacker could exploit the vulnerability to obtain database sensitive information...
CVE-2019-11970
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11619
doorGets 7.0 has a SQL injection vulnerability in /doorgets/app/requests/user/configurationRequest.php when action=analytics. A remote background administrator privilege user or a user with permission to manage configuration analytics could exploit the vulnerability to obtain database sensitive...
CVE-2019-11880
CommSy through 8.6.5 has SQL Injection via the cid parameter. This is fixed in 9.2...
CVE-2019-11448
An issue was discovered in Zoho ManageEngine Applications Manager 11.0 through 14.0. An unauthenticated user can gain the authority of SYSTEM on the server due to a PopupSLA.jsp sid SQL injection vulnerability. For example, the attacker can subsequently write arbitrary text to a .vbs file...
CVE-2019-11978
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11363
A SQL injection vulnerability in Snare Central before 7.4.5 allows remote authenticated attackers to execute arbitrary SQL commands via the AgentConsole/UserGroupQuery.php ShowUser parameter...
CVE-2019-11974
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-11518
An issue was discovered in SEMCMS 3.8. SEMCMSInquiry.php allows AID SQL Injection because the class.phpmailer.php injectchecksql protection mechanism is incomplete...
CVE-2019-11976
A SQL injection code execution vulnerability was identified in HPE Intelligent Management Center IMC PLAT earlier than version 7.3 E0506P09...
CVE-2019-20337
In PHP Scripts Mall advanced-real-estate-script 4.0.9, the newsedit.php newsid parameter is vulnerable to SQL Injection...
CVE-2020-7981
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when withinboundingbox is used in conjunction with untrusted swlat, swlng, nelat, or nelng data...