SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.
Multiple improper neutralization of special elements of SQL commands vulnerabilities in FortiMail before 6.4.4 may allow a non-authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.
Unvalidated input in the Photo Gallery (10Web Photo Gallery) WordPress plugin, versions before 1.5.55, leads to SQL injection via the frontend/models/model.php bwg_search_x parameter.
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third party information.
A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219716.
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.
This affects the package madge before 4.0.1. It is possible to specify a custom Graphviz path via the graphVizPath option parameter which when the .image(), .svg() or .dot() functions are called, is executed by the childprocess.exec function.
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218472.
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
In Umbraco 7.3.8, there is SQL Injection in the backoffice/PageWApprove/PageWApproveApi/GetInpectSearch method via the nodeName parameter.
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.