72 matches found
CVE-2024-34935
A SQL injection vulnerability in /view/conversationhistoryadmin.php in Campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the conversationid parameter...
Sql injection
SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledgebase/getarticlesuggestion/...
CVE-2016-2555
SQL injection vulnerability in include/lib/mysqlconnect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php...
CVE-2014-4424
SQL injection vulnerability in Wiki Server in CoreCollaboration in Apple OS X Server before 2.2.3 and 3.x before 3.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-3773
CVE-2014-3773 concerns TeamPass prior to version 2.1.20, with multiple SQL injection vulnerabilities exposed through various parameters in the web interface. The affected components include sources/main.queries.php (login-related actions: send_pw_by_email, generate_new_password) and data handling...
Sql injection
SQL injection vulnerability in the getactivesession function in the KTAPIUserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the u parameter, related to the getFileName function...
CVE-2013-7369
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and Server Security and F-Secure...
Sql injection
SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page...
CVE-2012-6039
SQL injection vulnerability in viewcomments.php in YABSoft Advanced Image Hosting AIH Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter...
Sql injection
SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via the root parameter...
CVE-2012-5910
CVE-2012-5910 is a SQL injection in blogs/htsrv/viewfile.php of b2evolution 4.1.3. An authenticated remote user can inject SQL via the root parameter to execute arbitrary commands. Impact is partial confidentiality/integrity/availability as stated; attack vector is web-based with single-privilege...
CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the 1 deleteusrgrp parameter in a deleteusergroups action, 2 usergroup paramete...
CVE-2012-3468
CVE-2012-3468 affects the Ushahidi Platform prior to 2.5. The vulnerability tier is high (CVSS v2 base score 7.5) and stems from multiple SQL injection weaknesses in specific code paths: (1) verify() in application/controllers/alerts.php, (2) save_all() in application/models/settings.php, and (3)...
CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter...
CVE-2011-1653
Multiple SQL injection vulnerabilities in the Unified Network Control UNC Server in CA Total Defense TD r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the 1 UnAssignFunctionalRoles, 2 UnassignAdminRoles, 3 DeleteFilter, 4 NonAssignedUserList, 5...
Sql injection
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the 1 findfid, 2 id, 3 selectfcat, 4 selectfmon, or 5 selectftag parameter in an images action...
CVE-2010-1904
RSA Key Manager (RKM) C Client 1.5.x is vulnerable to SQL injection via the metadata in encrypted data, allowing an attacker to manipulate the KeyTable/config caching data and potentially modify or delete encryption keys. The vulnerability arises from improper validation of metadata during key lo...
Sql injection
SQL injection vulnerability in vedifaq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Sql injection
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter...
Sql injection
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action...