Skip to main content

319 docs tagged with "SQL_Injection_Vulnerability"

View all tags

CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attack

CVE-2004-1129

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and

CVE-2004-1225

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute

CVE-2004-1785

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to

CVE-2005-0271

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to e

CVE-2005-0284

SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly o

CVE-2006-0065

SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_displa

CVE-2006-0066

SQL injection vulnerability in index.php in PHPjournaler 1.0 allows remote attackers to execute arbi

CVE-2006-0067

SQL injection vulnerability in login.php in VEGO Links Builder 2.00 and earlier allows remote attack

CVE-2006-0068

SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitra

CVE-2006-0074

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary

CVE-2006-0079

SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to exec

CVE-2006-0085

SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL com

CVE-2006-0087

SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remot

CVE-2006-0088

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to exe

CVE-2006-0107

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands

CVE-2006-0108

SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbit

CVE-2006-0115

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to ex

CVE-2006-0123

Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary

CVE-2006-0135

SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 allows remote attackers to execu

CVE-2006-0137

SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2

CVE-2006-0154

SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 allows remote attackers to exec

CVE-2006-0158

SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execut

CVE-2006-0159

SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to execute ar

CVE-2006-0160

SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute

CVE-2006-0163

SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 al

CVE-2006-0167

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL comman

CVE-2006-0184

Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQ

CVE-2006-6922

SQL injection vulnerability in Deadlock User Management System (phpdeadlock) 0.64 and earlier allows

CVE-2006-6923

SQL injection vulnerability in newsletters/edition.php in bitweaver 1.3.1 and earlier allows remote

CVE-2006-6927

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL

CVE-2006-6930

SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 allows remote attackers to execute

CVE-2007-0052

SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows remote attackers to execute arb

CVE-2007-0053

SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer 2.0 and earlier allows remote a

CVE-2007-0092

SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execu

CVE-2007-0093

SQL injection vulnerability in page.php in Simple Web Content Management System allows remote attack

CVE-2007-0107

WordPress before 2.0.6, when mbstring is enabled for PHP, decodes alternate character sets after esc

CVE-2007-0112

SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrar

CVE-2007-0122

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote a

CVE-2007-0128

SQL injection vulnerability in info_book.asp in Digirez 3.4 and earlier allows remote attackers to e

CVE-2007-0129

SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and earlier allows remote attacker

CVE-2007-0130

SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 allows remote attackers to execu

CVE-2007-0132

SQL injection vulnerability in compare_product.php in iGeneric iG Shop 1.4 allows remote attackers t

CVE-2007-0133

Multiple SQL injection vulnerabilities in display_review.php in iGeneric iG Shop 1.4 and earlier all

CVE-2007-0140

SQL injection vulnerability in down.asp in Kolayindir Download (Yenionline) allows remote attackers

CVE-2007-0142

SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce Shopping Cart allows remote att

CVE-2007-0179

SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows remote attackers to execute arb

CVE-2007-0196

SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier al

CVE-2007-0202

SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc

CVE-2007-0223

SQL injection vulnerability in shared/code/cp_functions_downloads.php in Nicola Asuni All In One Con

CVE-2007-0224

SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP Shopping Cart 6.09 and earlier allows

CVE-2007-0226

SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier allows remote attackers to ex

CVE-2007-5402

Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute

CVE-2007-6622

SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to ex

CVE-2007-6634

Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote atta

CVE-2007-6639

SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execu

CVE-2007-6647

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to exe

CVE-2007-6656

SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and e

CVE-2007-6658

SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attacke

CVE-2007-6663

SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arc

CVE-2007-6664

SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers

CVE-2007-6665

SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to exe

CVE-2007-6666

SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to exec

CVE-2007-6667

SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to exe

CVE-2007-6670

SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute ar

CVE-2007-6671

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke

CVE-2008-0089

SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrar

CVE-2008-0099

Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to exec

CVE-2008-0129

SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier a

CVE-2008-0130

SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attacke

CVE-2008-0133

Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute

CVE-2008-0142

Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute a

CVE-2008-0147

SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is di

CVE-2008-0154

SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execut

CVE-2008-0157

SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary

CVE-2008-0159

SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to exe

CVE-2008-0185

SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remot

CVE-2008-0187

SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier

CVE-2008-0219

SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers

CVE-2008-0224

SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 a

CVE-2008-0232

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbit

CVE-2008-2381

SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForg

CVE-2008-5811

SQL injection vulnerability in the PaxGallery (com_paxgallery) component 0.1 for Joomla! allows remo

CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2

CVE-2008-5815

SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrar

CVE-2008-5816

SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to

CVE-2008-5817

Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 al

CVE-2008-5820

SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to exec

CVE-2008-5838

SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart)

CVE-2008-5841

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute

CVE-2008-5844

PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally d

CVE-2008-5851

SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to

CVE-2008-5859

SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals

CVE-2008-5863

SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (

CVE-2008-5864

SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking

CVE-2008-5865

SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation Syst

CVE-2008-5874

Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla!

CVE-2008-5875

SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation Syst

CVE-2008-5877

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, wh

CVE-2008-5882

SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) befo

CVE-2008-5888

Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL

CVE-2008-5890

SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute

CVE-2008-5892

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary

CVE-2008-5895

SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers

CVE-2009-0104

SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote attackers to execute arbitrar

CVE-2009-0106

SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attac

CVE-2009-0109

SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to exec

CVE-2009-0110

SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execu

CVE-2009-0111

SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers

CVE-2009-4540

SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitra

CVE-2009-4550

SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! a

CVE-2009-4551

SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to exec

CVE-2009-4560

SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arb

CVE-2009-4561

Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc

CVE-2009-4564

SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allo

CVE-2009-4566

SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitr

CVE-2009-4569

SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary

CVE-2009-4571

Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execu

CVE-2009-4574

SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attac

CVE-2009-4576

SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote a

CVE-2009-4577

SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote at

CVE-2009-4582

SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote at

CVE-2009-4583

SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attacke

CVE-2009-4591

SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote

CVE-2009-4595

SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to e

CVE-2009-4597

Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authentica

CVE-2009-4598

SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attac

CVE-2009-4599

Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! all

CVE-2009-4600

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 a

CVE-2010-0158

SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote

CVE-2010-4496

Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO

CVE-2010-5317

Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote att

CVE-2011-0407

SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.cla

CVE-2011-0443

SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disab

CVE-2011-4921

SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1

CVE-2011-5020

An SQL Injection vulnerability exists in the ID parameter in Online TV Database 2011.

CVE-2011-5050

SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10

CVE-2011-5266

Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2010 allows SQL injection filte

CVE-2011-5308

Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for Wo

CVE-2011-5313

Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote at

CVE-2012-1259

Multiple SQL injection vulnerabilities in Plixer International Scrutinizer NetFlow & sFlow Analyzer

CVE-2012-5874

Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_gu

CVE-2012-6434

Multiple cross-site request forgery (CSRF) vulnerabilities in e107_admin/download.php in e107 1.0.2

CVE-2012-6496

SQL injection vulnerability in the Active Record component in Ruby on Rails before 3.0.18, 3.1.x bef

CVE-2012-6497

The Authlogic gem for Ruby on Rails, when used with certain versions before 3.2.10, makes potentiall

CVE-2013-2050

SQL injection vulnerability in the miq_policy controller in Red Hat CloudForms 2.0 Management Engine

CVE-2013-3932

SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows rem

CVE-2013-6321

SQL injection vulnerability in IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2

CVE-2013-7139

SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 an

CVE-2013-7225

Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before

CVE-2013-7262

SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c in MapServer

CVE-2013-7278

SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary

CVE-2014-2838

Multiple cross-site request forgery (CSRF) vulnerabilities in the GD Star Rating plugin 19.22 for Wo

CVE-2014-2839

SQL injection vulnerability in the GD Star Rating plugin 19.22 for WordPress allows remote administr

CVE-2014-4984

Déjà Vu Crescendo Sales CRM has remote SQL Injection

CVE-2014-5071

SQL injection vulnerability in the checkPassword function in Symmetricom s350i 2.70.15 allows remote

CVE-2014-5140

The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7

CVE-2014-8083

SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote

CVE-2014-9435

Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to ex

CVE-2014-9440

SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute a

CVE-2014-9442

SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for Word

CVE-2014-9445

SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remo

CVE-2014-9450

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0

CVE-2014-9455

SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote atta

CVE-2014-9457

SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote

CVE-2014-9464

SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote att

CVE-2014-9519

SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attack

CVE-2014-9520

SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote atta

CVE-2014-9528

SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/contr

CVE-2015-9249

An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webse

CVE-2016-10096

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows remote attackers to exec

CVE-2017-1000444

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and lo

CVE-2017-1000493

Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL injection leading to administrato

CVE-2017-14960

xDashboard in OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP

CVE-2017-1670

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to SQL injection. A remote attacker

CVE-2017-17970

Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote attackers to execute arbitrary SQL

CVE-2017-5971

SQL injection vulnerability in NewsBee CMS allow remote attackers to execute arbitrary SQL commands.

CVE-2017-7997

Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow remote attackers to execute arb

CVE-2018-13045

SQL injection vulnerability in the 'Bazar' page in Yeswiki Cercopitheque 2018-06-19-1 and earlier al

CVE-2018-16175

SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administra

CVE-2018-16188

SQL injection vulnerability in the RICOH Interactive Whiteboard D2200 V1.3 to V2.2, D5500 V1.3 to V2

CVE-2018-19415

Multiple SQL injection vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to execute arbitra

CVE-2018-19994

An error-based SQL injection vulnerability in product/card.php in Dolibarr version 8.0.2 allows remo

CVE-2018-19998

SQL injection vulnerability in user/card.php in Dolibarr version 8.0.2 allows remote authenticated u

CVE-2018-3811

SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress

CVE-2018-5211

PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack on the page ajax.php with the p

CVE-2018-5315

The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL Injection via the event_id parameter

CVE-2018-5372

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php

CVE-2018-5373

The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection via smooth-slider.php (trid p

CVE-2018-5374

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.ph

CVE-2019-20337

In PHP Scripts Mall advanced-real-estate-script 4.0.9, the news_edit.php news_id parameter is vulner

CVE-2019-20361

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed

CVE-2019-3494

Simply-Blog through 2019-01-01 has SQL Injection via the admin/deleteCategories.php delete parameter

CVE-2019-3576

inxedu through 2018-12-24 has a SQL Injection vulnerability that can lead to information disclosure

CVE-2019-3577

An issue was discovered in Waimai Super Cms 20150505. web/Lib/Action/ProductAction.class.php allows

CVE-2019-4651

IBM Jazz Reporting Service (JRS) 6.0.6.1 is vulnerable to SQL injection. A remote attacker could sen

CVE-2019-5488

EARCLINK ESPCMS-P8 has SQL injection in the install_pack/index.php?ac=Member&at=verifyAccount verify

CVE-2019-5720

includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in

CVE-2019-5893

Nelson Open Source ERP v6.3.1 allows SQL Injection via the db/utils/query/data.xml query parameter.

CVE-2019-6127

An issue was discovered in XiaoCms 20141229. It allows admin/index.php?c=database table SQL injectio

CVE-2020-23630

A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).

CVE-2020-26045

FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting t

CVE-2020-26623

SQL Injection vulnerability discovered in Gila CMS 1.15.4 and earlier allows a remote attacker to ex

CVE-2020-26624

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at

CVE-2020-26625

A SQL injection vulnerability was discovered in Gila CMS 1.15.4 and earlier which allows a remote at

CVE-2020-26627

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can

CVE-2020-26630

A Time-Based SQL Injection vulnerability was discovered in Hospital Management System V4.0 which can

CVE-2020-26712

REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList function via sort parameter. Th

CVE-2020-26773

Restaurant Reservation System 1.0 suffers from an authenticated SQL injection vulnerability, which a

CVE-2020-28102

cscms v4.1 allows for SQL injection via the 'js_del' function.

CVE-2020-28103

cscms v4.1 allows for SQL injection via the 'page_del' function.

CVE-2020-28679

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 145

CVE-2020-35701

An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection vulnerability in data_debug.p

CVE-2020-36112

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based

CVE-2020-5192

PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple SQL injection vulnerabilitie

CVE-2020-5307

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by

CVE-2020-5510

PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profi

CVE-2020-5511

PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when loggi

CVE-2020-5841

An issue was discovered in OpServices OpMon 9.3.1-1. Using password change parameters, an attacker c

CVE-2021-21465

The BW Database Interface allows an attacker with low privileges to execute any crafted database que

CVE-2021-24786

The Download Monitor WordPress plugin before 4.4.5 does not properly validate and escape the 'orderb

CVE-2021-24862

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_a

CVE-2021-24949

The 'WP Search Filters' widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7

CVE-2021-25023

The Speed Booster Pack ⚡ PageSpeed Optimization Suite WordPress plugin before 4.3.3.1 does not escap

CVE-2021-25030

The Events Made Easy WordPress plugin before 2.2.36 does not sanitise and escape the search_text par

CVE-2021-25054

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and us

CVE-2021-3018

ipeak Infosystems ibexwebCMS (aka IPeakCMS) 3.5 is vulnerable to an unauthenticated Boolean-based SQ

CVE-2021-3025

Invision Community IPS Community Suite before 4.5.4.2 allows SQL Injection via the Downloads REST AP

CVE-2021-3118

EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login

CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C

CVE-2021-39978

Telephony application has a SQL Injection vulnerability.Successful exploitation of this vulnerabilit

CVE-2021-43971

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote

CVE-2021-45334

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can by

CVE-2022-21643

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje

CVE-2022-21644

USOC is an open source CMS with a focus on simplicity. In affected versions USOC allows for SQL inje

CVE-2022-21647

CodeIgniter is an open source PHP full-stack web framework. Deserialization of Untrusted Data was fo

CVE-2022-21661

WordPress is a free and open-source content management system written in PHP and paired with a Maria

CVE-2022-22338

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 is vulnerable to SQL injection.

CVE-2022-3241

The Build App Online WordPress plugin before 1.0.19 does not properly sanitise and escape some param

CVE-2022-34324

Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated attacker to in

CVE-2022-3792

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2022-38490

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. Some parameters allow SQL inj

CVE-2022-38492

An issue was discovered in EasyVista 2020.2.125.3 and 2022.1.109.0.03. One parameter allows SQL inje

CVE-2022-3860

The Visual Email Designer for WooCommerce WordPress plugin before 1.7.2 does not properly sanitise a

CVE-2022-38627

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-

CVE-2022-4049

The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before us

CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parame

CVE-2022-40615

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remot

CVE-2022-4099

The Joy Of Text Lite WordPress plugin before 2.3.1 does not properly sanitise and escape some parame

CVE-2022-4297

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter b

CVE-2022-4351

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-43519

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-4352

The Qe SEO Handyman WordPress plugin through 1.0 does not properly sanitize and escape a parameter b

CVE-2022-43520

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43521

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43522

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43523

Multiple vulnerabilities in the web-based management interface of Aruba EdgeConnect Enterprise Orche

CVE-2022-43530

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut

CVE-2022-43531

Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an aut

CVE-2022-4355

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4356

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4357

The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter befo

CVE-2022-4358

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4359

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4360

The WP RSS By Publishers WordPress plugin through 0.1 does not properly sanitize and escape a parame

CVE-2022-4370

The multimedial images WordPress plugin through 1.0b does not properly sanitize and escape a paramet

CVE-2022-4371

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4372

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter bef

CVE-2022-4373

The Quote-O-Matic WordPress plugin through 1.0.5 does not properly sanitize and escape a parameter b

CVE-2022-45165

An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application

CVE-2022-46471

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consu

CVE-2022-46472

Helmet Store Showroom Site v1.0 was discovered to contain a SQL injection vulnerability via the id p

CVE-2022-46502

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via th

CVE-2022-46623

Judging Management System v1.0.0 was discovered to contain a SQL injection vulnerability via the use

CVE-2022-47790

Sourcecodester Dynamic Transaction Queuing System v1.0 is vulnerable to SQL Injection via /queuing/i

CVE-2023-0016

SAP BPC MS 10.0 - version 810, allows an unauthorized attacker to execute crafted database queries.

CVE-2023-0254

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘or

CVE-2023-22959

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspas

CVE-2023-30014

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-30015

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-30016

SQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to

CVE-2023-39336

An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 al

CVE-2023-39853

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive i

CVE-2023-41287

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerabi

CVE-2023-46953

SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code vi

CVE-2023-47219

A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability c

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in

CVE-2023-49622

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49624

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49625

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49633

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49639

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49658

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49665

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-49666

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '

CVE-2023-50027

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.

CVE-2023-50162

SQL injection vulnerability in EmpireCMS v7.5, allows remote attackers to execute arbitrary code and

CVE-2023-50743

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50752

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50753

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilit

CVE-2023-50862

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50863

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50864

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ho

CVE-2023-50865

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ci

CVE-2023-50866

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us

CVE-2023-50867

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'us

CVE-2023-51805

SQL Injection vulnerability in TDuckCLoud tduck-platform v.4.0 allows a remote attacker to obtain se

CVE-2023-51978

In PHPGurukul Art Gallery Management System v1.1, 'Update Artist Image' functionality of 'imageid' p

CVE-2023-52064

Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the $keywords parameter

CVE-2023-52142

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52201

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52204

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-52215

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-6436

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i

CVE-2023-6567

The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order_by’ par

CVE-2023-6921

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data

CVE-2023-6981

The WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for W

CVE-2024-21747

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i