| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter. |
| SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter. |
| SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter. |
| SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the StateGetStatesByType function in Kernel/System/State.pm in Open Ticket Request System (OTRS) 3.1.x before 3.1.19, 3.2.x before 3.2.14, and 3.3.x before 3.3.4 allows remote attackers to execute arbitrary SQL commands via vectors related to a ticket search URL. |
| SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. |
| SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands. |
| SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php. |
| SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter. |
| SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php. |
| SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information. |
