13184 matches found
CVE-2012-4570
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS formerly MyDMS before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
Sql injection
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS formerly MyDMS before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2012-4570
SQL injection vulnerability in LetoDMSCore/Core/inc.ClassDMS.php in LetoDMS formerly MyDMS before 3.3.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-5533
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpdkeepmonth parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow...
CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-2133
SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB10004.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2015-5376
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field...
Sql injection
SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field...
Sql injection
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the slcustomfield parameter to sl-xml.php...
Sql injection
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2015-2146
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to project.php, the 2 groupid parameter to group.php, the 3 statusid parameter to status.php, the 4 resolutionid parameter to...
CVE-2015-2147
Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters...
CVE-2015-2146
Issuetracker phpBugTracker is affected by SQL injection vulnerabilities in versions before 1.7.0. Multiple parameters (id in project.php; group_id in group.php; status_id in status.php; resolution_id in resolution.php; severity_id in severity.php; priority_id in priority.php; os_id in os.php; sit...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...
CVE-2017-1000120
ERPNextFrappe Version = 7.1.27 SQL injection vulnerability in frappe.share.getusers allows remote authenticated users to execute arbitrary SQL commands via the fields parameter...
Sql injection
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 project or id parameters to topics/deletetopics.php; the 2 id parameter to bookmarks/deletebookmarks.php; or the 3 id parameter to calendar/deletecalendar.php...
CVE-2017-6089
SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 project or id parameters to topics/deletetopics.php; the 2 id parameter to bookmarks/deletebookmarks.php; or the 3 id parameter to calendar/deletecalendar.php...