13545 matches found
CVE-2020-24769
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...
CVE-2020-21176
SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...
CVE-2020-19821
A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...
CVE-2020-15884
A SQL injection vulnerability in TableQuery.php in MunkiReport before 5.6.3 allows attackers to execute arbitrary SQL commands via the order0dir field on POST requests to /datatables/data...
CVE-2014-3934
SQL injection vulnerability in the SubmitNews module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics parameter to modules.php...
CVE-2014-100035
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-9102
Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics parameter in an unfavorite action to index.php...
CVE-2014-9240
SQL injection vulnerability in member.php in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the questionid parameter in a doregister action...
CVE-2014-9345
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional aka AWP PRO 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the groupid parameter in a listzone action to cgi/client.cgi...
CVE-2014-9097
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow 1 remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php ...
CVE-2014-2317
SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...
CVE-2014-4850
SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...
CVE-2014-8999
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter...
CVE-2018-16116
SQL injection vulnerability in AccountStatus.jsp in Admin Portal of Sophos XG firewall 17.0.8 MR-8 allow remote authenticated attackers to execute arbitrary SQL commands via the "username" GET parameter...
CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB aka MyBulletinBoard before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a 1 dosearch action to search.php or 2 dostuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...
CVE-2010-5063
SQL injection vulnerability in article.php in Virtual War aka VWar 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter...
CVE-2010-1012
SQL injection vulnerability in the CleanDB nfcleandb extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-1918
SQL injection vulnerability in askchat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatroomsID parameter...
CVE-2010-1013
SQL injection vulnerability in the Diocese of Portsmouth Database pddiocesedatabase extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2010-2015
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in a viewinbox action to cp/cpmessages.php or 2 the id parameter to cp/editemail.php...