16789 matches found
CVE-2010-0343
SQL injection vulnerability in the Clan Users List pbclanlist extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0334
SQL injection vulnerability in the Vote rank for news voteforttnews extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0330
SQL injection vulnerability in the Googlemaps for ttnews jfeasymaps extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0635
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party...
CVE-2010-0322
SQL injection vulnerability in the init function in MK-AnydropdownMenu mkanydropdownmenu extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0340
SQL injection vulnerability in the MJS Event Pro mjseventpro extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0609
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the novaname cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2010-0339
SQL injection vulnerability in the User Links vm19userlinks extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0342
SQL injection vulnerability in the Reports for Job jobreports extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0324
SQL injection vulnerability in the Customer Reference List reflist extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-0377
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a playgame action. NOTE: some of these details are obtained from third party information...
CVE-2021-41971
Apache Superset up to and including 1.3.0 when configured with ENABLETEMPLATEPROCESSING on disabled by default allowed SQL injection when a malicious authenticated user sends an http request with a custom URL...
CVE-2021-41920
webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sorcible, sorchamps, and sorordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain...
CVE-2021-41843
An authenticated SQL injection issue in the calendar search function of OpenEMR 6.0.0 before patch 3 allows an attacker to read data from all tables of the database via the parameter providerid, as demonstrated by the /interface/main/calendar/index.php?module=PostCalendar=search URI...
CVE-2021-41511
The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication...
CVE-2021-27947
SQL Injection vulnerability in MyBB before 1.8.26 via the Copy Forum feature in Forum Management. issue 2 of 3...
CVE-2021-27130
Online Reviewer System 1.0 contains a SQL injection vulnerability through authentication bypass, which may lead to a reverse shell upload...
CVE-2021-33925
SQL Injection vulnerability in nitinparashar30 cms-corephp through commit bdabe52ef282846823bda102728a35506d0ec8f9 May 19, 2021 allows unauthenticated attackers to gain escilated privledges via a crafted login...
CVE-2021-33470
COVID19 Testing Management System 1.0 is vulnerable to SQL Injection via the admin panel...
CVE-2021-31856
A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint order parameter in GetMesheryPatterns in models/mesherypatternpersister.go...