| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username. |
| Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/. |
| Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter. |
| SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php. |
| SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php. |
| SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page. |
| SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter. |
| SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters. |
| SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action. |
| Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php. |
| SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter. |
| Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are obtained from third party information. |
| Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp. |
| SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action. |
