Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv_rating_vote) action to wp-admin/admin-ajax.php.
SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter.
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398.
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vulnerability in Easy2map-photos WordPress Plugin v1.09 allows SQL Injection via unsanitized mapTemplateName, mapName, mapSettingsXML, parentCSSXML, photoCSSXML, mapCSSXML, mapHTML,mapID variables
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter.
SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action.
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter).
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml.
SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter.
Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages.
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors.
SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/.
SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter.
SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in an e2m_img_save_map_name action to wp-admin/admin-ajax.php and other unspecified vectors.
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.