| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter. |
| SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504. |
| SQL injection vulnerability in Concrete5 5.7.3.1. |
| SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service". |
| SQL injection vulnerability in Pragyan CMS 3.0. |
| In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints is not sanitized and appended directly to the query. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/view-campaign-list.php with the GET Parameter: id. |
| A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an admin/trees/add/process request with a crafted _tags[] parameter that is mishandled in a later admin/ajax/dashboard/approve-change request. |
| SQL injection vulnerability in the InLinks plugin through 1.1 for WordPress allows authenticated users to execute arbitrary SQL commands via the "keyword" parameter to /wp-admin/options-general.php?page=inlinks/inlinks.php. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/add_member.php with the GET Parameter: filter_list. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list. |
| A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email. |
| Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /showresource.do resourceid parameter in a getResourceProfiles action. |
| WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php. |
| An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This is a blind SQL injection within the EmployeePortalServlet, which can be exploited by un-authenticated users via an HTTP POST request and which can be used to dump database data out to a malicious server, using an out-of-band technique, such as select_loadfile(). The vulnerability affects the EmployeePortalServlet page and the following parameter: employer. |
| eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input. |
| Vulnerability in wordpress plugin Membership Simplified v1.58, The code in membership-simplified-for-oap-members-only/updateDB.php is vulnerable to blind SQL injection because it doesn't sanitize user input via recordId in the delete_media function. |
| Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form and event_form.php code do not sanitize input, this allows for blind SQL injection via the event parameter. |
| Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code. |
| SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/views/create/ and the injection is visible at admin/ajax/auto-modules/views/searchable-page/ or admin/modules_name. |
