SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter.
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function.
SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
An issue was discovered in Mutare Voice (EVM) 3.x before 3.3.8. The web application suffers from SQL injection on Adminlog.asp, Archivemsgs.asp, Deletelog.asp, Eventlog.asp, and Evmlog.asp.
DedeCMS 5.7 SP2 has SQL Injection via the dede\co_do.php ids parameter.
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability.
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected.
SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter.
SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
SQL injection vulnerability in tag_board.php in the Tag Board module 4.0 and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php.
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values.
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or (2) password parameter (aka password field). NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show.
SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.