Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

A vulnerability was found in itsourcecode Sports Management System 1.0. The impacted element is an unknown function of the file /Admin/facilitator.php. Performing manipulation of the argument code results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

A vulnerability was found in code-projects Online Product Reservation System 1.0. This affects an unknown part of the file /handgunner-administrator/edit.php of the component POST Parameter Handler. The manipulation of the argument prod_id/name/price/model/serial results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter.

MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.

SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.

Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action.

SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.

A vulnerability was identified in itsourcecode Apartment Management System 1.0. This vulnerability affects unknown code of the file /visitor/addvisitor.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.

Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to events_view.php and the (2) id parameter to events_clndr_view.php.

SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task.

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

SQL Injection vulnerability in Metinfo 7.0.0beta in index.php.

SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) project or id parameters to topics/deletetopics.php; the (2) id parameter to bookmarks/deletebookmarks.php; or the (3) id parameter to calendar/deletecalendar.php.

SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.

SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.

SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter.

A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

A vulnerability has been found in itsourcecode Sports Management System 1.0. The affected element is an unknown function of the file /Admin/tournament_details.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.

SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.

SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Event Search Script 1.0 has SQL Injection via the /event-list city parameter.

SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid parameter.

SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.

SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.

SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

A vulnerability was found in code-projects Online Music Site 1.0. This impacts an unknown function of the file /Frontend/Feedback.php. Performing a manipulation of the argument fname results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.

The username and password field of login in Lodging Reservation Management System V1 can give access to any user by using SQL injection to bypass authentication.

SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.

SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.

iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.

Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.

SQL injection vulnerability was discovered in Aanderaa GeoView Webservice prior to version 2.1.3 that could allow an unauthenticated attackers to execute arbitrary commands.

SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.