CVSS:9.8(Critical)
Web Console in Comodo UTM Firewall before 2.7.0 allows remote attackers to execute arbitrary code without authentication via a crafted URL.
CVSS:9.8(Critical)
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
CVSS:9.8(Critical)
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
CVSS:9.8(Critical)
An XML External Entity (XXE) vulnerability exists in iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20.
CVSS:9.8(Critical)
Horus CMS allows SQL Injection, as demonstrated by a request to the /busca or /home URI.
CVSS:9.8(Critical)
SQL Injection exists in the Jimtawl 2.2.7 component for Joomla! via the id parameter.
CVSS:9.8(Critical)
SQL Injection exists in the AMGallery 1.2.3 component for Joomla! via the filter_category_id parameter.
CVSS:9.8(Critical)
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
CVSS:9.8(Critical)
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
CVSS:9.8(Critical)
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
CVSS:9.8(Critical)
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
CVSS:9.8(Critical)
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
CVSS:9.8(Critical)
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.
CVSS:9.8(Critical)
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.