SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
SQL injection vulnerability in admin/index.php in PG Roommate Finder Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp.
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942.
SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php.
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.