| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and previous versions. A SQL Injection vulnerability has been identified, which may allow remote code execution. |
| Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php q parameter. |
| Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords. |
| E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter. |
| Chartered Accountant Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| Cab Booking Script 1.0 has SQL Injection via the /service-list city parameter. |
| Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter. |
| Advance Online Learning Management Script 3.1 has SQL Injection via the courselist.php subcatid or popcourseid parameter. |
| SQL injection vulnerability in inc/lib/Control/Ajax/tags-ajax.control.php in GeniXCMS 0.0.8 allows remote authenticated editors to execute arbitrary SQL commands via the term parameter to the default URI. |
| SQL injection vulnerability in WBCE CMS 1.1.10 and earlier allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. |
| Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter. |
| FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token parameter, buyleads-details.php id parameter, or company/index.php c parameter. |
| FS Makemytrip Clone 1.0 has SQL Injection via the show-flight-result.php fl_orig or fl_dest parameter. |
| FS Grubhub Clone 1.0 has SQL Injection via the /food keywords parameter. |
| The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application. |
| SQL injection vulnerability in ClearPass Policy Manager 6.5.x through 6.5.6 and 6.6.0. |
| FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter. |
| FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter. |
| New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe applications via vectors involving failure to escape quotes during use of the Slow Queries feature, as demonstrated by a mishandled quote in a VALUES clause of an INSERT statement, after bypassing a SET SHOWPLAN_ALL ON protection mechanism. |