SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter.
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.
A flaw has been found in Abdullah-Hasan-Sajjad Online-School up to f09dda77b4c29aa083ff57f4b1eb991b98b68883. This affects an unknown part of the file /studentLogin.php. This manipulation of the argument Email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter.
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Impacted is an unknown function of the file /manage_payment.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
A vulnerability was detected in code-projects Hostel Management System 1.0. Affected by this issue is some unknown functionality of the file /justines/admin/mod_users/index.php?view=view. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.