SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions.
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
The Rencontre plugin before 3.1.3 for WordPress allows SQL Injection via inc/rencontre_widget.php.
An issue was discovered in the VeronaLabs wp-statistics plugin before 12.6.7 for WordPress. The v1/hit endpoint of the API, when the non-default "use cache plugin" setting is enabled, is vulnerable to unauthenticated blind SQL Injection.
The wp-all-import plugin before 3.2.5 for WordPress has blind SQL injection.
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
An issue was discovered in the secure portal in Publisure 2.1.2. Because SQL queries are not well sanitized, there are multiple SQL injections in userAccFunctions.php functions. Using this, an attacker can access passwords and/or grant access to the user account "user" in order to become "Administrator" (for example).
The easy-digital-downloads plugin before 2.3.3 for WordPress has SQL injection.
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.
The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED variable.
A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256034 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
The email-newsletter plugin through 20.15 for WordPress has SQL injection.
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection.
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
The link-log plugin before 2.1 for WordPress has SQL injection.
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
A SQL injection vulnerability exists in the Icegram Email Subscribers & Newsletters plugin through 4.1.7 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system.
SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions
The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php.
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.
SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.php. .
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.