Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court.
Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php.
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
College Management System Php 1.0 suffers from SQL injection vulnerabilities in the index.php page from POST parameters 'unametxt' and 'pwdtxt', which are not filtered before passing a SQL query.
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php.
The buddyforms plugin before 2.2.8 for WordPress has SQL injection.
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.