CVE-2019-14313

A SQL injection vulnerability exists in the 10Web Photo Gallery plugin before 1.5.31 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via filemanager/model.php...

CVE-2011-2181

Multiple SQL injection vulnerabilities in A Really Simple Chat ARSC 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the 1 arscuser parameter to base/admin/edituser.php, 2 arsclayoutid parameter in base/admin/editlayout.php, or 3 arscroom parameter to base/admin/editroom.php...

CVE-2015-1479

SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus SDP before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter...

CVE-2015-1616

SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint DLPe before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors...

CVE-2015-2242

Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the 1 termid or 2 nyelvid parameter to index.php...

CVE-2014-100003

SQL injection vulnerability in includes/ym-downloadfunctions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ymdownloadid parameter to the default URI...

CVE-2019-17119

Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server through 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter...

CVE-2018-15868

SQL injection vulnerability in ChronoScan version 1.5.4.3 and earlier allows an unauthenticated attacker to execute arbitrary SQL commands via the wcrmachineid cookie...

CVE-2019-14695

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is...

CVE-2019-13569

A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...

CVE-2018-13447

SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statut parameter...

CVE-2016-4040

SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...

CVE-2013-3721

SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter...

CVE-2012-6039

SQL injection vulnerability in viewcomments.php in YABSoft Advanced Image Hosting AIH Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter...

CVE-2011-5168

SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2011-4811

SQL injection vulnerability in pokazpodkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter...

CVE-2011-2917

SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter...

CVE-2011-1915

SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-4479

SQL injection vulnerability in the Drag & Drop Gallery module 6.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2012-4686

SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter...