SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.
The wp-polls plugin before 2.72 for WordPress has SQL injection.
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.
Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter.
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.