13185 matches found
CVE-2014-1636
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) adminschoolnames.php, (2) adminsubjects.php, (3) admingrades.php, (4) adminterms.php, (5) adminschoolyears.php, (6)...
CVE-2013-2594
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter...
CVE-2014-1618
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) catid or (2) pid parameter to products.php or id parameter to (3) page.php or (4) news.php...
CVE-2014-1619
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resourceid or (2) versionid parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario...
CVE-2013-6872
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action...
CVE-2013-6872
CVE-2013-6872 affects Collabtive prior to 1.2. It is a SQL injection in managetimetracker.php via the id parameter in a projectpdf action, exploitable by remote authenticated users. The NVD entry lists a CVSS v2 base score of 6.5 (Medium) with network access, low attack complexity, single authent...
CVE-2014-1619
CVE-2014-1619 affects Cubic CMS versions 5.1.1, 5.1.2 and 5.2, with multiple SQL injection flaws in recursos/agent.php (parameters resource_id and version_id) and login.usuario (login or pass). These allow remote attackers to execute arbitrary SQL commands. No remediation or exploit details are p...
Active Record: SQL injection
Background: Active Record is a Ruby gem that allows database entries to be manipulated as objects. Description: An Active Record method parameter can mistakenly be used as a scope. Impact: A remote attacker could use specially crafted input to execute arbitrary SQL statements. Workaround: The...
CVE-2012-6626
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field...
SQL injection
SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the groupid parameter in an editgroup action...
CVE-2014-1466
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page...
SQL injection
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owaemailaddress parameter in a base.passwordResetRequest action to index.php...