13181 matches found
CVE-2010-2673
SQL injection vulnerability in profileview.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-2683
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the subcatid parameter...
CVE-2010-2577
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to 1 storyrss.php or 2 story.php...
CVE-2010-4365
SQL injection vulnerability in JE Ajax Event Calendar comjeajaxeventcalendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventid parameter in an alleventlistmore action to index.php...
CVE-2010-4614
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723...
CVE-2010-4166
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via 1 the filterorder parameter in a comweblinks category action to index.php, 2 the filterorderDir parameter in a comweblinks category action to index.php, or 3 the...
CVE-2012-3471
Multiple SQL injection vulnerabilities in the edit functions in 1 application/controllers/admin/reports.php and 2 application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id...
CVE-2012-5874
Multiple SQL injection vulnerabilities in the 1 updatewhosonlinereg and 2 updatewhosonlineguest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATHINFO to a checkuser.php, b groups.php, c index.php, d login.php, e quicklogin.php, f...
CVE-2012-5317
SQL injection vulnerability in mainbigware43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action...
CVE-2012-6504
SQL injection vulnerability in mods/hours/data/gethours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2012-2740
SQL injection vulnerability in publichtml/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action...
CVE-2012-4237
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subjectmoduleid parameter to 1 tceeditanswer.php or 2 tceeditquestion.php...
CVE-2012-4258
Multiple SQL injection vulnerabilities in MYRE Real Estate Software 2012 Q2 allow remote attackers to execute arbitrary SQL commands via the 1 linkidd parameter to 1mobile/listings.php or 2 userid parameter to 1mobile/agentprofile.php...
CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the groupid parameter...
CVE-2013-3578
SQL injection vulnerability in the Help Desk application in Wave EMBASSY Remote Administration Server ERAS allows remote authenticated users to execute arbitrary SQL commands via the ct100$4MainController$TextBoxSearchValue parameter aka the search field, leading to execution of operating-system...
CVE-2013-5967
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management OSSIM 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the datefrom parameter to 1 radar-iso27001-potential.php, 2 radar-iso27001-A12ISacquisition-pot.php, 3...
CVE-2013-5311
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to 1 browsevideos.php or 2 members.php. NOTE: the cat parameter is already covered by CVE-2008-4157...
CVE-2013-1748
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 edit.php or 2 import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by...
CVE-2013-4952
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2017-9449
SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible ...