Professional Service Script 1.0 has SQL Injection via the service-list city parameter.

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

Secure E-commerce Script 2.0.1 has SQL Injection via the category.php searchmain or searchcat parameter, or the single_detail.php sid parameter.

PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.

Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.

Beauty Parlour Booking Script 1.0 has SQL Injection via the /list gender or city parameter.

Muslim Matrimonial Script 3.02 has SQL Injection via the success-story.php succid parameter.

Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.

CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to /news-detail.

The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.

FS Linkedin Clone 1.0 has SQL Injection via the group.php grid parameter, profile.php fid parameter, or company_details.php id parameter.

A vulnerability was found in PHPGurukul e-Diary Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage-categories.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.

Resume Clone Script 2.0.5 has SQL Injection via the preview.php id parameter.

FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET sort_direction parameter.

FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.

Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI.

A SQL injection vulnerability in pycsw all versions before 2.0.2, 1.10.5 and 1.8.6 that leads to read and extract of any data from any table in the pycsw database that the database user has access to. Also on PostgreSQL (at least) it is possible to perform updates/inserts/deletes and database modifications to any table the database user has access to.

PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.

SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the POST user_search parameter.

Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.

Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL Injection via the findcity.php q parameter.

Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php pr_id parameter or the searchbycat_list.php catid parameter.

Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.

Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect.

PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.

Consumer Complaints Clone Script 1.0 has SQL Injection via the other-user-profile.php id parameter.

SQL injection vulnerability in users/signup.php in the "signup" component in HamayeshNegar CMS allows a remote attacker to execute arbitrary SQL commands via the "utype" parameter.

Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET user parameter.

Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.

Advanced World Database 2.0.5 has SQL Injection via the city.php country or state parameter, or the state.php country parameter.

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.

FS Groupon Clone 1.0 has SQL Injection via the item_details.php id parameter or the vendor_details.php id parameter.

Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.

An issue was discovered in PvPGN Stats 2.4.6. SQL Injection exists in ladder/stats.php via the GET game parameter.

FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat parameter, browse-scategory.php sc parameter, or service-provider.php ser parameter.

Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php uid parameter, the admin/viewemcamp.php fnum parameter, or the admin/viewvisitcamp.php fn parameter.

Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.

FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.

Yoga Class Script 1.0 has SQL Injection via the /list city parameter.

Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php search parameter.

Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.

FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.

Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.

Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.