SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter.
SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters.
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check.
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
Hospital Management System v4 was discovered to contain multiple SQL injection vulnerabilities in func1.php via the username3 and password3 parameters.
WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php.
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.
pixelpost 1.7.1 has SQL injection
SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.