SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php.
SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.
Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task.
The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.
SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.
SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.
SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.