13185 matches found
Sql injection
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATHINFO...
Sql injection
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter...
CVE-2011-5234
SQL injection vulnerability in user.php in Social Network Community 2 allows remote attackers to execute arbitrary SQL commands via the userId parameter...
CVE-2011-5218
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
CVE-2011-5222
SQL injection vulnerability in rub2w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter...
CVE-2012-4990
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids parameter in a link action...
CVE-2012-5167
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the 1 field parameter to coursecategory/indexinlineeditorsubmit.php or 2 user/indexinlineeditorsubmit.php; or 3 id parameter to user/userpassword.php...
CVE-2012-4772
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the planid parameter...
Sql injection
SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 allows remote attackers to execute arbitrary SQL commands via the 1 user name or 2 password field...
Sql injection
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the 1 field parameter to coursecategory/indexinlineeditorsubmit.php or 2 user/indexinlineeditorsubmit.php; or 3 id parameter to user/userpassword.php...
Sql injection
SQL injection vulnerability in user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167...
Sql injection
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids parameter in a link action...
CVE-2012-4232
SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to execute arbitrary SQL commands via the memberloginid cookie...
CVE-2012-4772
SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the planid parameter...
CVE-2012-4990
SQL injection vulnerability in admin/campaign-zone-link.php in OpenX 2.8.10 before revision 81823 allows remote attackers to execute arbitrary SQL commands via the ids parameter in a link action...
CVE-2012-4990
CVE-2012-4990 : OpenX 2.8.10 (and earlier) is vulnerable to SQL injection via the ids[] parameter in admin/campaign-zone-link.php. The vulnerability allows remote attackers to manipulate SQL queries, with PoCs showing crafted ids[] input and an exploit requiring the attacker to be registered with...
CVE-2012-5348
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php...
CVE-2012-5350
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode...
Sql injection
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php...