| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter. |
| SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php. |
| SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. |
| SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. |
| SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2013-6929. |
| Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter. |
| SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615. |
| SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter. |
| SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be exploited by unauthenticated remote attackers if the guest user is enabled. |
| SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. |
| SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php. |
| SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter. |
| SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php. |
| SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
