13185 matches found
CVE-2011-5140
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the 1 start parameter to a tags.php, b list.php, c index.php, d mainindex.php, e viewpost.php, f archive.php, g control/approvecomments.php, h...
CVE-2011-5140
Affected software: DiY-CMS blog module 1.0. Vulnerability type: SQL injection at multiple endpoints via the start parameter (tags.php, list.php, index.php, main_index.php, viewpost.php, archive.php) and via month/year parameters to archive.php; also affects control/approve_comments.php, control/a...
CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter...
Sql injection
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter...
CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter...
Sql injection
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the fcountrycode parameter...
CVE-2012-1934
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the fcountrycode parameter...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sortcol variable in the listitems function, a different vulnerability than CVE-2012-3477...
CVE-2012-3477
SQL injection vulnerability in signupcheck.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
Sql injection
SQL injection vulnerability in signupcheck.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action...
CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sortcol variable in the listitems function, a different vulnerability than CVE-2012-3477...
CVE-2011-5111
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to 1 the data module in alumni.php; or the 2 lihbuku, 3 artikel, 4 album, or 5 berita module in index.php...
Sql injection
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php...
Sql injection
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie...
Sql injection
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to 1 authorslist.php, 2 blogslist.php, 3 categorylist.php, 4 commentslist.php, 5 policylist.php, 6 ratelist.php, 7...
Sql injection
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to 1 the data module in alumni.php; or the 2 lihbuku, 3 artikel, 4 album, or 5 berita module in index.php...
Sql injection
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio comtechfolio component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2011-5111
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to 1 the data module in alumni.php; or the 2 lihbuku, 3 artikel, 4 album, or 5 berita module in index.php...
Sql injection
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subjectmoduleid parameter to 1 tceeditanswer.php or 2 tceeditquestion.php...
CVE-2012-4237
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subjectmoduleid parameter to 1 tceeditanswer.php or 2 tceeditquestion.php...