SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
A vulnerability was found in PHPGurukul Directory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265211.
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
WUZHI CMS 4.1.0 allows coreframe/app/coupon/admin/copyfrom.php SQL injection via the index.php?m=promote&f=index&v=search keywords parameter, a related issue to CVE-2018-15893.
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
A vulnerability, which was classified as critical, has been found in SourceCodester Online Examination System 1.0. Affected by this issue is some unknown functionality of the file save.php. The manipulation of the argument vote leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265196.
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265072.
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265073 was assigned to this vulnerability.
TuziCMS 2.0.6 is affected by SQL injection in \App\Manage\Controller\BannerController.class.php.
A vulnerability, which was classified as critical, was found in SourceCodester Event Registration System 1.0. This affects an unknown part of the file portal.php. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265197 was assigned to this vulnerability.
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.