621 matches found
News system (news) extension for TYPO3 vulnerable to SQL Injection
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Accessibility Glossary (a21glossary) SQL injection vulnerability
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
GHSA-QRW3-MQ8R-CQ7Q AdaptCMS SQL Injection vulnerability
SQL injection vulnerability in the "Check User" feature (includes/checkuser.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter...
SQL Injection
SchedMD is vulnerable to SQL injection. A malicious attacker can issue SQL commands to allow the attacker to inject SQL injection...
EUVD-2013-5777
Multiple SQL injection vulnerabilities in D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware before 1.05B64; DSR-250 and DSR-250N with firmware before 1.08B44; and DSR-500, DSR-500N, DSR-1000, and DSR-1000N with firmware before 1.08B77 allow remote attackers to execute arbitrary...
CVE-2017-17920
SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this method is not intended for use with untrusted...
SQL injection
FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...
CVE-2017-14703
SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATHINFO to search/...
CVE-2016-8906
SQL injection vulnerability in the "Site Browser Links pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-8904
SQL injection vulnerability in the "Site Browser Containers pages" screen in dotCMS before 3.3.1 allows remote authenticated attackers to execute arbitrary SQL commands via the orderby parameter...
SQL Servers SQL Injection Characters Evasion Techniques
SQL injection techniques can allow remote attackers to execute SQL commands on SQL servers. Successful exploitation could allow an attacker to disclose confidential information, modify or shut down the database, or execute arbitrary code on affected servers...
CVE-2015-4634
SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the localgraphid parameter...
CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the value parameter to (1) ajax/jqState or (2) ajax/jqcounty...
CVE-2011-4674
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the onlyhostid parameter...
CVE-2008-6810
CVE-2008-6810 affects Venalsur Booking Centre Booking System for Hotels Group 2.01. The vulnerability is multiple SQL injection in admin/checklogin.php, exploitable via the myusername (username) and password parameters, enabling remote SQL command execution as reported. The issue is documented wi...
CVE-2008-3669
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328...
CVE-2007-6467
CVE-2007-6467 describes an SQL injection in MKPortal 1.1 RC1, specifically in index.php during the gallery foto_show action, exploitable via the ida parameter. The underlying issue is injectable SQL passed from user-controlled input, enabling remote attackers to execute arbitrary SQL commands. Th...
CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sortby parameters in (a) searchresults.php; (3) browse parameter in (b) featuredphotos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) newsdesc.php...
CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action...