| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php. |
| SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information. |
| SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter. |
| Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components. |
| SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter. |
| SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. |
| SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter. |
| SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action. |
| SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788. |
| SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. |
| SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. |
| SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2 |
| SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings. |
| SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. |
