template injection vulnerabilities and exploits

6.8
CVSSv2
CVE-2007-4863

SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter....

QuirmSaxon
7.5
CVSSv2
CVE-2010-2510

SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter....

2daybizWeb Template Software
7.5
CVSSv2
CVE-2007-4108

SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter....

7.5
CVSSv2
CVE-2008-5950

SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter....

AspappsTemplate Creature
7.5
CVSSv2
CVE-2007-4109

SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter....

7.5
CVSSv2
CVE-2007-5233

SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action....

7.5
CVSSv2
CVE-2005-3798

SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field....

7.5
CVSSv2
CVE-2007-4110

SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter....

6.8
CVSSv2
CVE-2008-0139

Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter....

Loudblog
7.5
CVSSv2
CVE-2019-10100

In JetBrains YouTrack Confluence plugin versions before 1.8.1.3, it was possible to achieve Server Side Template Injection. The attacker could add an Issue macro to the page in Confluence, and use a combination of a valid id field and specially crafted code in the...