Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header.
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.
Multiple SQL injection vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 allow remote attackers to execute arbitrary SQL commands via (1) the where parameter to rss.php or (2) the sqlQuery parameter to search.php, a different issue than CVE-2015-7382.
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms action to index.php.
Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.
The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.
Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_ids[] parameter to index.php.
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL.
SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi.
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action.
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.
SQL injection vulnerability in Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary SQL commands via the id parameter to watchstatus.cgi.
A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.
SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable.
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name parameter.
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
A vulnerability was identified in itsourcecode Online Voting System 1.0. The affected element is an unknown function of the file /login.php. Such manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter.
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.