Lucene search

13184 matches found

NVD
added 2014/10/20 6:55 p.m., 10 views

CVE-2014-8366

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...

CVSS 7.5, AI score 8.5, EPSS 0.02072
Exploits: 1, References: 3
Prion
added 2014/10/20 6:55 p.m., 11 views

SQL injection

SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote attackers to execute arbitrary SQL commands via the Username and password to index.php...

CVSS 7.5, AI score 9.2, EPSS 0.02072
Exploits: 1, References: 3, Affected Software: 1
Prion
added 2014/10/20 5:55 p.m., 17 views

SQL injection

SQL injection vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ssid parameter...

CVSS 7.5, AI score 9.1, EPSS 0.02149
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2014/10/20 5:00 p.m., 29 views

CVE-2014-8363

SQL injection vulnerability in sshandler.php in the WordPress Spreadsheet wpSS plugin 0.62 for WordPress allows remote attackers to execute arbitrary SQL commands via the ssid parameter...

AI score 8.4, EPSS 0.02149
Exploits: 1, References: 2
Prion
added 2014/10/20 4:55 p.m., 13 views

SQL injection

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter...

CVSS 6.5, AI score 8.8, EPSS 0.01947
Exploits: 1, References: 5, Affected Software: 1
Prion
added 2014/10/20 4:55 p.m., 21 views

SQL injection

Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo, (3) agentURLPath, (4) agentControlKey, or (5) platformDD1 parameter to frameworkgui/attach2Agents.pl; the (6)...

CVSS 6.8, AI score 9.2, EPSS 0.01267
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2014/10/20 4:00 p.m., 27 views

CVE-2014-3978

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact...

AI score 7.7, EPSS 0.01727
Exploits: 7, References: 2
CVE
added 2014/10/20 4:00 p.m., 46 views

CVE-2014-3978

TomatoCart 1.x (stable) is affected by CVE-2014-3978: an SQL injection in the address book creation flow (First name/Last name fields) that allows a remote authenticated attacker to inject arbitrary SQL. The affected software version is TomatoCart 1.1.8.6.1. Public references include OpenVAS and...

CVSS 6.5, AI score 7.9, EPSS 0.01727
Exploits: 7, References: 2, Affected Software: 1
Cvelist
added 2014/10/20 4:00 p.m., 16 views

CVE-2014-5275

Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter...

AI score 8.1, EPSS 0.01947
Exploits: 1, References: 5
NVD
added 2014/10/20 3:55 p.m., 17 views

CVE-2012-5865

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action...

CVSS 6.5, AI score 7.7, EPSS 0.01123
Exploits: 6, References: 5
Prion
added 2014/10/20 3:55 p.m., 13 views

SQL injection

Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) searchstring or (2) where parameter in a contacts action, (3) deptid parameter in a departments action, (4) projectid parameter in a project action, or...

CVSS 6.8, AI score 8.8, EPSS 0.00681
Exploits: 3, References: 6, Affected Software: 1
Prion
added 2014/10/20 3:55 p.m., 21 views

SQL injection

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action...

CVSS 6.5, AI score 8.4, EPSS 0.01123
Exploits: 6, References: 5, Affected Software: 1
Cvelist
added 2014/10/20 3:00 p.m., 35 views

CVE-2012-5865

SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action...

AI score 7.7, EPSS 0.01123
Exploits: 6, References: 5
CVE
added 2014/10/20 3:00 p.m., 57 views

CVE-2012-5865

CVE-2012-5865 concerns Achievo 1.4.5 where a SQL injection flaw exists in the dispatch.php script via the GET parameter activityid in the stats action. The vulnerability can be exploited by remote authenticated users to inject arbitrary SQL commands into the database, with the PoC indicating the ...

CVSS 6.5, AI score 7.9, EPSS 0.01123
Exploits: 6, References: 5, Affected Software: 1
Prion
added 2014/10/20 2:55 p.m., 20 views

SQL injection

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to...

CVSS 7.5, AI score 9.1, EPSS 0.015
Exploits: 5, References: 7, Affected Software: 1
CVE
added 2014/10/20 2:00 p.m., 51 views

CVE-2012-5244

CVE-2012-5244 affects Banana Dance, a PHP/MySQL app, version B.2.6 and prior. The advisory bundle shows multiple vulnerabilities in Banana Dance: (1) SQL Injection in /functions/suggest.php (parameters return, display, table, search), (2) SQL I...

CVSS 7.5, AI score 8.5, EPSS 0.015
Exploits: 5, References: 7, Affected Software: 1
Prion
added 2014/10/16 7:55 p.m., 16 views

SQL injection

SQL injection vulnerability in the sqlquery function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the itemid variable, as demonstrated by the (1) itemid0 or (2) itemid parameter...

CVSS 7.5, AI score 9.1, EPSS 0.01241
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2014/10/16 7:00 p.m., 46 views

CVE-2014-8306

CVE-2014-8306 affects C97net Cart Engine prior to 4.0. The vulnerability is a SQL injection in the sql_query function of cart.php exploited through the item_id parameter (item_id[0] or item_id[]), enabling remote command execution. Public references describe the vulnerable input handling but do n...

CVSS 7.5, AI score 8.7, EPSS 0.01241
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2014/10/16 12:00 a.m., 94 views

Drupal 7.x < 7.32 SQLi

The remote web server is running a version of Drupal that is 7.x prior to 7.32. It is, therefore, potentially affected by a SQL injection vulnerability due to a flaw in the Drupal database abstraction API, which allows a remote attacker to use specially crafted requests that can result in arbitra...

CVSS 7.5, AI score 7.8, EPSS 0.99974
Exploits: 20, References: 3
NVD
added 2014/10/15 2:55 p.m., 14 views

CVE-2014-8295

SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows remote attackers to execute arbitrary SQL commands via the jobid parameter...

CVSS 7.5, AI score 8.4, EPSS 0.02348
Exploits: 1, References: 3