SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.2.
A vulnerability classified as critical was found in SourceCodester Simple Subscription Website 1.0. Affected by this vulnerability is an unknown functionality of the file manage_plan.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258301 was assigned to this vulnerability.
A vulnerability was found in code-projects School Fees Payment System 1.0 and classified as critical. This issue affects some unknown processing of the file /datatable.php. The manipulation of the argument sSortDir_0 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
A vulnerability classified as critical has been found in SourceCodester Simple Subscription Website 1.0. Affected is an unknown function of the file Actions.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258300.
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.
A vulnerability classified as critical was found in code-projects Online Book System 1.0. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument username/password/login_username/login_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-258202 is the identifier assigned to this vulnerability.
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CRM Perks CRM Perks Forms.This issue affects CRM Perks Forms: from n/a through 1.1.4.
Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php.
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.8.
The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue.
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BdThemes Element Pack Elementor Addons.This issue affects Element Pack Elementor Addons: from n/a through 5.5.3.
The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.1.
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter.
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.
EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution.
Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the Aruba EdgeConnect Enterprise Orchestrator instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the Aruba EdgeConnect Enterprise Orchestrator host in Aruba EdgeConnect Enterprise Orchestration Software version(s): Aruba EdgeConnect Enterprise Orchestrator (on-premises), Aruba EdgeConnect Enterprise Orchestrator-as-a-Service, Aruba EdgeConnect Enterprise Orchestrator-SP and Aruba EdgeConnect Enterprise Orchestrator Global Enterprise Tenant Orchestrators - Orchestrator 9.2.1.40179 and below, - Orchestrator 9.1.4.40436 and below, - Orchestrator 9.0.7.40110 and below, - Orchestrator 8.10.23.40015 and below, - Any older branches of Orchestrator not specifically mentioned.
A vulnerability has been found in PHPGurukul Employee Record Management System 1.3 and classified as critical. This vulnerability affects unknown code of the file /myexp.php. The manipulation of the argument emp3ctc leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to execute arbitrary SQL commands via the order parameter.
SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthistory/models/history.php in Joomla! 3.2 before 3.4.5 allows remote attackers to execute arbitrary SQL commands via the list[select] parameter to index.php.
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.5.102 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.