SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component.
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue.
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
BlueCMS 1.6 has SQL injection in line 55 of admin/model.php
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.