| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A vulnerability was found in mrtnmtth joomla_mod_einsatz_stats up to 0.2. It has been classified as critical. This affects the function getStatsByType of the file helper.php. The manipulation of the argument year leads to SQL injection. Upgrading to version 0.3 addresses this issue. The identifier of the patch is 27c1b443cff45c81d9d7d926a74c76f8b6ffc6cb. It is recommended to upgrade the affected component. The identifier VDB-217653 was assigned to this vulnerability. |
| odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection. NOTE: this product is apparently discontinued. |
| An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_gallery_ajax_callback(). |
| The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter. |
| The fs-shopping-cart plugin 2.07.02 for WordPress has SQL injection via the pid parameter. |
| The sirv plugin before 1.3.2 for WordPress has SQL injection via the id parameter. |
| The Relevanssi Premium plugin before 1.14.6.1 for WordPress has SQL injection with resultant unsafe unserialization. |
| The Post Indexer plugin before 3.0.6.2 for WordPress has SQL injection via the period parameter by a super admin. |
| The zx-csv-upload plugin 1 for WordPress has SQL injection via the id parameter. |
| The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF. |
| The zm-gallery plugin 1.0 for WordPress has SQL injection via the order parameter. |
| The xtremelocator plugin 1.5 for WordPress has SQL injection via the id parameter. |
| The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection. |
| The search-everything plugin before 8.1.6 for WordPress has SQL injection related to empty search strings, a different vulnerability than CVE-2014-2316. |
| The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319. |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has SQL injection. |
| The olimometer plugin before 2.57 for WordPress has SQL injection. |
| The nextgen-gallery plugin before 2.1.57 for WordPress has SQL injection via a gallery name. |
| The all-in-one-wp-security-and-firewall plugin before 4.0.7 for WordPress has multiple SQL injection issues. |