phpCollab 2.5.1 - SQL Injection
phpCollab 2.5.1 - SQL Injection. CVE-2017-6089. PhpCollab 2.5.1 Multiple SQL Injections, unauthenticated. Description: PhpCollab is an open source web-based project management system that enables collaboration across the Internet. SQL injections: The phpCollab code does not correctly filter arguments,...
SQL injection
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in contenttimelineclass.php; or the id parameter to (2) pages/contenttimelineedit.php or (3) pages/contenttimelineindex.php...
CVE-2017-14507
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in contenttimelineclass.php; or the id parameter to (2) pages/contenttimelineedit.php or (3) pages/contenttimelineindex.php...
SQL injection
SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php...
SQL injection
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter...
CVE-2015-7670
Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) id parameter...
SQL injection
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATHINFO to search/...
CVE-2017-14703
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATHINFO to search/...
CVE-2017-14703
CVE-2017-14703 describes a SQL injection vulnerability in the Cash Back Comparison Script 1.0. The vulnerability allows an unauthenticated attacker to exploit the application by crafting requests via the PATH_INFO to the search/ endpoint, enabling arbitrary SQL execution. Public references includ...
CVE-2017-7973
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database...
SQL injection
A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database...
SQL injection
SQL injection vulnerability in the Responsive Image Gallery plugin before 1.2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the "id" parameter in an addedittheme task in the wpdevartgallerythemes page to wp-admin/admin.php...
New Relic .NET Agent SQL Injection Vulnerability
New Relic .NET Agent is a . A SQL injection vulnerability exists in New Relic .NET Agent versions prior to 6.3.123.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands...
The vulnerability of the Base Monitor component of the web system, designed for monitoring the performance of SQL servers, allows a hacker to execute arbitrary SQL commands.
The vulnerability of the Base Monitor component of the web system, which is designed for monitoring the performance of SQL servers, relates to the lack of protection for SQL query structures. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access and execute arbitra...
WordPress wordpress-gallery-transformation SQL Injection Vulnerability
WordPress wordpress-gallery-transformation is a website wallpaper plugin for WordPress. The file ./wordpress-gallery-transformation/gallery.php in WordPress wordpress-gallery-transformation version 1.0 contains a SQL injection vulnerability that stems from the program failing to filter the...
WordPress rk-responsive-contact-form SQL Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports personal blog sites set up on PHP and MySQL servers. rk-responsive-contact-form is a responsive contact form plugin. A SQL injection vulnerability exists in...
WordPress surveys 'survey_id' variable SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. WordPress surveys is a polls plugin for WordPress developed by Binny VA, an Indian software developer. A SQL injection...
SQL injection
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) checkdownload and possibly (2) checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
CVE-2015-9226
Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) checkdownload and possibly (2) checkfilename function in upload/admin2/model/products/modeladmindownload.php or remote authenticated users wit...
CVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter...