CVE-2020-10582

A SQL injection on the /admin/displayerrors.php script of Invigo Automatic Device Management ADM through 5.0 allows remote attackers to execute arbitrary SQL requests including data reading and modification on the database...

CVE-2020-2240

A cross-site request forgery CSRF vulnerability in Jenkins database Plugin 1.6 and earlier allows attackers to execute arbitrary SQL scripts...

CVE-2020-21662

SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF...

CVE-2020-35378

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields...

CVE-2020-29140

A SQL injection vulnerability in interface/reports/immunizationreport.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the formcode parameter...

CVE-2020-24769

SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter...

CVE-2020-21176

SQL injection vulnerability in the model.increment and model.decrement function in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter...

CVE-2020-20295

An issue was found in CMSWing project version 1.3.8. Because the updateAction function does not check the detail parameter, malicious parameters can execute arbitrary SQL commands...

CVE-2020-19821

A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders parameter...

CVE-2014-3934

SQL injection vulnerability in the SubmitNews module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics parameter to modules.php...

CVE-2014-100035

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2014-9102

Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics parameter in an unfavorite action to index.php...

CVE-2014-9240

SQL injection vulnerability in member.php in MyBB aka MyBulletinBoard 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the questionid parameter in a doregister action...

CVE-2014-9097

Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery contus-video-gallery plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow 1 remote attackers to execute arbitrary SQL commands via the vid parameter in a myextract action to wp-admin/admin-ajax.php ...

CVE-2014-2317

SQL injection vulnerability in ajaxudf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information...

CVE-2014-4850

SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter...

CVE-2014-8999

SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter...

CVE-2010-5096

Multiple SQL injection vulnerabilities in MyBB aka MyBulletinBoard before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a 1 dosearch action to search.php or 2 dostuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this...

CVE-2010-1918

SQL injection vulnerability in askchat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatroomsID parameter...

CVE-2010-2015

Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via 1 the id parameter in a viewinbox action to cp/cpmessages.php or 2 the id parameter to cp/editemail.php...