| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter. |
| ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. |
| SQL injection vulnerability in login.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka admin field). NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field). |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action. |
| SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action. |
| Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. |
| SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. |
| SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. |
| SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. |
| Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. |
| SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. |
| SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. |
