SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
Movie Seat Reservation v1 was discovered to contain a SQL injection vulnerability at /index.php?page=reserve via the id parameter.
AtomCMS 2.0 is vulnerabie to SQL Injection via Atom.CMS_admin_ajax_list-sort.php
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
A vulnerability was identified in itsourcecode Online Loan Management System 1.0. Impacted is an unknown function of the file /manage_payment.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter.
SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter.
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
Bluecms 1.6 has a SQL injection vulnerability at cooike.