| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in framework/modules/users/models/user.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter. |
| SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter. |
| SQL injection vulnerability in framework/core/models/expConfig.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the src parameter. |
| SQL injection vulnerability in framework/modules/blog/controllers/blogController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the author parameter. |
| SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action. |
| SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 via the start parameter. |
| SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter. |
| SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script). |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x6b1b due to lack of proper user input validation in cmdHandlerStatusMonitor.dll. Formerly ZDI-CAN-4545. |
| IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 123296. |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x3b21 due to lack of proper user input validation in mdHandlerLicenseManager.dll. Formerly ZDI-CAN-4561. |
| SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code Execution when executing opcode 0x1b07 due to lack of proper user input validation in cmdHandlerTVCSCommander.dll. Formerly ZDI-CAN-4560. |
| Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query. |
| Fiyo CMS v2.0.7 has an SQL injection vulnerability in dapur/apps/app_article/sys_article.php via the name parameter in editing or adding a tag name. |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in individual_responses.php does not sanitize the survey_id variable before placing it inside of an SQL query. |
| SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php. |
| Vulnerability in wordpress plugin surveys v1.01.8, The code in questions.php does not sanitize the survey variable before placing it inside of an SQL query. |
| Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php |
| Vulnerability in wordpress plugin add-edit-delete-listing-for-member-module v1.0, The plugin author does not sanitize user supplied input via $act before passing it into an SQL statement. |
