13181 matches found
CVE-2010-0337
SQL injection vulnerability in the ttnews Mail alert dl3ttnewsalerts extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4745
SQL injection vulnerability in the My quiz and poll myquizpoll extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-4658
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the 1 usr or 2 pwd parameter...
CVE-2012-5550
SQL injection vulnerability in the Time Spent module 6.x and 7.x for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-1163
Multiple SQL injection vulnerabilities in the device-management implementation in Cisco Connected Grid Network Management System CG-NMS allow remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCue14553 and CSCue38746...
CVE-2018-13450
SQL injection vulnerability in product/card.php in Dolibarr ERP/CRM version 7.0.3 allows remote attackers to execute arbitrary SQL commands via the statusbatch parameter...
CVE-2012-1225
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the 1 memberslist parameter aka Member List in list.php or 2 rowid parameter to adherents/fiche.php...
CVE-2010-4609
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action...
CVE-2010-5317
Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via 1 the filename parameter in an attachment action, 2 the post parameter in a showcomment action, 3 the sys-name parameter in an rssfeed action, or 4 the...
CVE-2013-4945
Multiple SQL injection vulnerabilities in BMC Service Desk Express SDE 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the 1 ASPSESSIONIDASSRATTQ, 2 TABLEWIDGET1, 3 TABLEWIDGET2, 4 browserDateTimeInfo, or 5 browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the 6 U...
CVE-2013-4715
SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-11736
SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter...
CVE-2012-4971
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the 1 reqclass parameter to editrequestenduser.asp; the 2 sysrequestid parameter to editrequestuser.asp; the 3 sysrequestid parameter to enduseractions.asp; the 4 sysrequest...
CVE-2010-1863
SQL injection vulnerability in the shoutbox module modules/shoutbox.php in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the semail parameter...
CVE-2011-5183
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the whereclause parameter to 1 index.php, 2 indexlong.php, or 3 indexshort.php in ordering/interfacecreator/...
CVE-2011-5076
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATHINFO to index.php. NOTE: some of these details are obtained from third party information...
CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php...
CVE-2011-5072
Multiple SQL injection vulnerabilities in Support Incident Tracker aka SiT! before 3.65 allow remote attackers to execute arbitrary SQL commands via the 1 start parameter to portal/kb.php; 2 contractid parameter to contractaddservice.php; 3 id parameter to editescalationpath.php; 4 unlock, 5 lock...
CVE-2010-5020
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter...
CVE-2010-5004
SQL injection vulnerability in searchvote.php in 2daybiz Polls aka Advanced Poll Script allows remote attackers to execute arbitrary SQL commands via the category parameter...