| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. |
| SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action. |
| SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328. |
| SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter. |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. |
| Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php. |
| SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. |
| SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. |
| Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php. |
| SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. |
| Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. |
| SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. |
