SQL injection vulnerability in the Webmail Plus module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege.
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before 11.3.009 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the (1) user_groups[] parameter to admin/code/tce_edit_test.php or (2) subject_id parameter to admin/code/tce_show_all_questions.php.
Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPayGrades, or (3) viewSystemUsers in symfony/web/index.php/admin/, as demonstrated using cross-site request forgery (CSRF) attacks.
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) coursereportuiconfig[description] parameters to index.php.
participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for WordPress has a time-based SQL injection vulnerability via the ascdesc, list_filter_count, or sortBy parameters. It is possible to exfiltrate data and potentially execute code (if certain conditions are met).
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.
A vulnerability was found in Itechscripts School Management Software 2.75. It has been classified as critical. This affects an unknown part of the file /notice-edit.php. The manipulation of the argument aid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely.
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
FreePBX 13 and 14 has SQL Injection in the DISA module via the hangup variable on the /admin/config.php?display=disa&view=form page.
An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based SQL injection vulnerability in the "match" parameter allows remote authenticated attackers to execute arbitrary SQL commands. It is possible to upgrade access to full server compromise via xp_cmdshell. In some cases, the authentication requirement for the attack can be met by sending the default admin credentials.
SQL injection vulnerability in the Spider Contacts module for Drupal allows remote authenticated users with the "access Spider Contacts category administration" permission to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image parameter to admin/edit_category.php.
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
An issue was discovered in phpMyAdmin. With a crafted username or a table name, it was possible to inject SQL statements in the tracking functionality that would run with the privileges of the control user. This gives read and write access to the tables of the configuration storage database, and if the control user has the necessary privileges, read access to some tables of the MySQL database. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to 4.4.15.9), and 4.0.x versions (prior to 4.0.10.18) are affected.
Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an authenticated remote attacker to execute arbitrary SQL commands by using a certain character when the database is configured to use Big5 Asian encoding.
SQL injection vulnerability in Intel Security VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier) allows remote authenticated users to obtain product information via a crafted HTTP request parameter.
SQL injection vulnerability in Cisco Firepower Management Center 4.10.3 through 5.4.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCur25485.
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to serendipity_admin.php.
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
SQL injection vulnerability in the All In One WP Security & Firewall plugin before 3.8.8 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in manage_user_page.php in MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 allows remote administrators with FILE privileges to execute arbitrary SQL commands via the MANTIS_MANAGE_USERS_COOKIE cookie.
SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edit action in the quartz/quote_form.php page to wp-admin/edit.php.
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) admin_functions.php or (2) admin_update.php, as demonstrated by the id parameter in the update action to wp-admin/admin.php.
SQL injection vulnerability in admin/categories.php in Dotclear before 2.6.3 allows remote authenticated users with the manage categories permission to execute arbitrary SQL commands via the categories_order parameter.