SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing an SQL injection payload on the login page, attackers can bypass authentication and gain admin privilege.
SQL injection vulnerability in the Address visualization with Google Maps (st_address_map) extension before 0.3.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter.
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 2.7.10 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows SQL injection, as demonstrated by the TableName, ColumnName, Name, UserId, or Password parameter.
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/permissions/create/. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2.
SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter.
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability.
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in 188Jianzhan v2.1.0 allows attackers to execute arbitrary code and gain escalated privileges via the username parameter to login.php.
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter.
SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.
SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter.
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
There is an upload SQL injection vulnerability in the background of taocms 3.0.2 in parameter id: action=cms&ctrl=update&id=26
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
An SQL Injection vulnerability exists in Sourcecodester Simple Cold Storage Management System using PHP/OOP 1.0 via the username field in login.php.
SQL injection vulnerability in game_play.php in the FB Gorilla plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via the email and password parameters.
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.