SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
SQL injection vulnerability in default.php in Cornerstone Technologies webConductor allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php.
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.
odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection. NOTE: this product is apparently discontinued.
PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) the filter_order_Dir parameter in a com_messages action to administrator/index.php.
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616.
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php.
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.