[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*


CVE-2004-2754
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.

CVE-2003-1244
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

CVE-2003-1520
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.

CVE-2003-1532
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.

CVE-2003-1533
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.

CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.

CVE-2002-0999
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.

CVE-2002-2391
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

CVE-2003-1340
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module ...

CVE-2005-2035
SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf��) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.

CVE-2005-3325
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary ...

CVE-2005-3497
** DISPUTED ** SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a cust ...

CVE-2005-3686
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.

CVE-2005-3744
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.

CVE-2005-3748
SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter.

CVE-2005-3840
SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE- ...

CVE-2005-3877
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

CVE-2005-3881
SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.

CVE-2005-3984
SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.

CVE-2005-4027
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.

CVE-2005-4073
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter.

CVE-2005-4199
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; ( ...

CVE-2005-4232
** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has ...

CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NO ...

CVE-2005-4244
SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.

CVE-2005-4263
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.

CVE-2005-4315
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl.

CVE-2005-4478
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.

CVE-2005-4495
** DISPUTED ** SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB ...

CVE-2005-4606
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName para ...

CVE-2005-4632
SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

CVE-2006-0115
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.

CVE-2006-0123
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.

CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or ...

CVE-2006-1049
Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.

CVE-2006-2973
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c.

CVE-2006-3064
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

CVE-2006-3688
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2006-3960
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

CVE-2006-5242
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2006-5957
** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: ...

CVE-2006-6706
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.

CVE-2006-7247
SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.

CVE-2007-0794
** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions ...

CVE-2007-0789
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

CVE-2007-0875
** DISPUTED ** SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database.

CVE-2007-1573
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

CVE-2007-3637
SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release action ...

CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.

CVE-2007-4095
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.

CVE-2007-4552
SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not.

CVE-2007-5150
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.

CVE-2007-5151
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.

CVE-2007-5220
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.

CVE-2007-5371
Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter.

CVE-2007-5430
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parame ...

CVE-2007-5678
SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI.

CVE-2007-5766
SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure.

CVE-2007-5951
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6014
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.

CVE-2007-6032
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.

CVE-2007-6091
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.

CVE-2007-6143
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.

CVE-2007-6138
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information.

CVE-2007-6168
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio ...

CVE-2007-6275
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.

CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.

CVE-2007-6380
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) mya ...

CVE-2007-6469
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-6484
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-6491
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.a ...

CVE-2007-6540
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.

CVE-2007-6559
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.

CVE-2007-6670
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.

CVE-2007-6719
SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-6727
SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows remote attackers to execute arbitrary SQL commands via the forum parameter.

CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

CVE-2008-0504
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authen ticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

CVE-2008-0651
SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0650
SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0685
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

CVE-2008-0738
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFiel ...

CVE-2008-0739
SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.

CVE-2008-0754
Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.

CVE-2008-0753
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.

CVE-2008-0789
SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.

CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.ph ...

CVE-2008-0810
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0816
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.

CVE-2008-0825
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-0850
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Re ...

CVE-2008-0846
SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter.

CVE-2008-0855
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2008-0853
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE.

CVE-2008-0936
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.

CVE-2008-0937
SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811.

CVE-2008-1050
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

CVE-2008-1065
Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely f ...

CVE-2008-1308
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.

CVE-2008-1341
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-1464
Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/in ...

CVE-2008-1494
SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425.

CVE-2008-2429
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CV ...

CVE-2008-2858
SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-2995
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.

CVE-2008-3070
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.

CVE-2008-3590
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-3754
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3888
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action.

CVE-2008-3965
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.

CVE-2008-4055
SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.

CVE-2008-4171
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.

CVE-2008-4655
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4656
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4657
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4658
SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4659
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5037
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-5087
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5609
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5707
SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter.

CVE-2008-5923
SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands the cat parameter.

CVE-2008-5924
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-5960
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informatio ...

CVE-2008-6038
SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php.

CVE-2008-6046
SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/.

CVE-2008-6040
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.

CVE-2008-6043
Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information.

CVE-2008-6104
SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php.

CVE-2008-6124
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

CVE-2008-6145
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6344
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6338
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6463
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6596
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6728
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.

CVE-2008-6802
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6992
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.

CVE-2008-6990
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6986
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_pro ...

CVE-2008-7120
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.

CVE-2008-7145
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.

CVE-2008-7302
SQL injection vulnerability in netinvoice.php in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving "knowledge of ... the contents of an encrypted file."

CVE-2009-0121
SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-0287
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.

CVE-2009-0429
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.

CVE-2009-0431
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.

CVE-2009-0479
Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information ...

CVE-2009-0543
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

CVE-2009-0741
SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.

CVE-2009-0829
Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is un ...

CVE-2009-0882
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.

CVE-2009-1433
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.

CVE-2009-1468
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.

CVE-2009-1585
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are o ...

CVE-2009-1851
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-1909
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2082
SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-2097
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-2106
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2103
SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2105
SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2128
SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the title (aka subject) field.

CVE-2009-2144
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2269
SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.

CVE-2009-2290
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.

CVE-2009-2345
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.

CVE-2009-2354
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2009-2359
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.

CVE-2009-2388
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2427
SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter.

CVE-2009-2428
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors.

CVE-2009-2423
SQL injection vulnerability in category.php in Ebay Clone 2009 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter in a list action.

CVE-2009-2436
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

CVE-2009-2439
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by ...

CVE-2009-2616
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2619
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2612
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2614
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2776
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2009-2779
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.

CVE-2009-2915
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.

CVE-2009-2933
SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter.

CVE-2009-3040
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.

CVE-2009-3059
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.

CVE-2009-3061
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-3082
SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-3118
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect ...

CVE-2009-3119
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.

CVE-2009-3125
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2009-3165
SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2009-3184
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.

CVE-2009-3226
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third pa ...

CVE-2009-3319
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018.

CVE-2009-3337
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

CVE-2009-3418
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manag ...

CVE-2009-3439
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in ...

CVE-2009-3443
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php.

CVE-2009-3491
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.

CVE-2009-3503
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.

CVE-2009-3504
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-3500
Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php.

CVE-2009-3502
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.

CVE-2009-3499
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2009-3495
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465.

CVE-2009-3497
SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-3498
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVE-2009-3642
Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2009-3644
SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php.

CVE-2009-3645
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.

CVE-2009-3703
Multiple SQL injection vulnerabilities in the WP-Forum plugin before 2.4 for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the search_max parameter in a search action to the default URI, related to wpf.class.php; (2) the forum parameter to an unspecified component, relat ...

CVE-2009-3804
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.

CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.

CVE-2009-3801
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-3813
Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php.

CVE-2009-3820
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-3961
SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information.

CVE-2009-3974
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/ ...

CVE-2009-4015
Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x before 2.3.2 allows remote attackers to execute arbitrary commands via shell metacharacters in filename arguments.

CVE-2009-4037
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5 ...

CVE-2009-4046
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/ ...

CVE-2009-4045
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/man ...

CVE-2009-4070
SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly other versions allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2009-4104
SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php.

CVE-2009-4155
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_ ...

CVE-2009-4158
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4166
SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4163
SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4165
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4217
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained so ...

CVE-2009-4238
Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the Test Case ID field to lib/general/navBar.php or (2) the logLevel parameter to lib/events/eventviewer.php.

CVE-2009-4296
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4305
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."

CVE-2009-4350
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.ph ...

CVE-2009-4375
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

CVE-2009-4386
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.

CVE-2009-4380
Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925.

CVE-2009-4394
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4393
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4396
SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4390
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4392
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4401
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4399
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4430
SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action.

CVE-2009-4432
SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action.

CVE-2009-4456
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4470
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.

CVE-2009-4499
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.

CVE-2009-4595
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information ...

CVE-2009-4613
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-4650
SQL injection vulnerability in the Webee Comments (com_webeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informati ...

CVE-2009-4689
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2009-4691
SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter.

CVE-2009-4708
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4703
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4702
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4701
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4709
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4718
SQL injection vulnerability in visitorduration.php in Gonafish WebStatCaffe allows remote attackers to execute arbitrary SQL commands via the nodayshow parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-4710
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4712
SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter.

CVE-2009-4711
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.

CVE-2009-4720
SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4745
Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action.

CVE-2009-4783
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.

CVE-2009-4784
SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php.

CVE-2009-4785
SQL injection vulnerability in the Quick News (com_quicknews) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a view_item action to index.php.

CVE-2009-4794
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.

CVE-2009-4802
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4803
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4838
SQL injection vulnerability in base_ag_common.php in Basic Analysis and Security Engine (BASE) before 1.4.3.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information.

CVE-2009-4949
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4955
SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4954
SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4950
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4959
SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4967
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4966
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4968
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4965
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4969
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4979
Multiple SQL injection vulnerabilities in search.php in Photokorn Gallery 1.81 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) where[], (2) sort, (3) order, and (4) Match parameters.

CVE-2009-4970
SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4971
SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-5102
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.

CVE-2010-0139
Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.2, and possibly 5 does not properly validate SQL commands, which allows remote attackers to create, modify, or delete data in a database via unspecified vectors, aka Bug ID CSCtc39691.

CVE-2010-0158
** DISPUTED ** SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report ...

CVE-2010-0330
SQL injection vulnerability in the Googlemaps for tt_news (jf_easymaps) extension 1.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0329
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."

CVE-2010-0324
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0322
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0332
SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0339
SQL injection vulnerability in the User Links (vm19_userlinks) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0337
SQL injection vulnerability in the tt_news Mail alert (dl3_tt_news_alerts) extension 0.2.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0338
SQL injection vulnerability in the TT_Products editor (ttpedit) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0333
SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0334
SQL injection vulnerability in the Vote rank for news (vote_for_tt_news) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0342
SQL injection vulnerability in the Reports for Job (job_reports) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0343
SQL injection vulnerability in the Clan Users List (pb_clanlist) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0340
SQL injection vulnerability in the MJS Event Pro (mjseventpro) extension 0.2.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0341
SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0344
SQL injection vulnerability in the zak_store_management extension 1.0.0 and earlier TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0377
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: some of these details are obtained from third party information.

CVE-2010-0381
SQL injection vulnerability in modules/arcade/index.php in PHP MySpace Gold Edition 8.0 and 8.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a show_stats action. NOTE: the provenance of this information is unknown; the details are obtained solely from third pa ...

CVE-2010-0404
Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before 0.9.16.016 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) class.sessions_db.inc.php, (2) class.translation_sql.inc.php, or (3) class.auth_sql.inc.php in phpgwapi/inc/.

CVE-2010-0400
SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows remote attackers to execute arbitrary SQL commands via a username.

CVE-2010-0438
Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in OTRS-Core in Open Ticket Request System (OTRS) 2.1.x before 2.1.9, 2.2.x before 2.2.9, 2.3.x before 2.3.5, and 2.4.x before 2.4.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0454
SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in Publique! 2.3 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVE-2010-0471
SQL injection vulnerability in the comment submission interface (includes/comment.php) in Enano CMS before 1.0.6pl1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2010-0609
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-0608
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action.

CVE-2010-0605
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter.

CVE-2010-0635
SQL injection vulnerability in the plgSearchEventsearch::onSearch method in eventsearch.php in the JEvents Search plugin 1.5 through 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party informa ...

CVE-2010-0631
Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters.

CVE-2010-0673
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter.

CVE-2010-0671
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action.

CVE-2010-0677
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter.

CVE-2010-0692
SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) Component 0.2.3, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-0691
SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows remote attackers to execute arbitrary SQL commands via the s parameter.

CVE-2010-0710
SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 Build 103, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the newsid parameter when the sec parameter is 26. NOTE: the provenance of this information is unknown; the details are obtain ...

CVE-2010-0724
SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0763
SQL injection vulnerability in index.php in CommodityRentals Vacation Rental Software allows remote attackers to execute arbitrary SQL commands via the rental_id parameter in a CalendarView action.

CVE-2010-0798
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0802
SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

CVE-2010-0956
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-0968
SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 allows remote attackers to execute arbitrary SQL commands via the click parameter.

CVE-2010-1009
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1006
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1004
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1013
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1012
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1010
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1019
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1017
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1018
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1015
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1016
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1046
Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) userid (username) and (2) password parameters.

CVE-2010-1045
SQL injection vulnerability in the Productbook (com_productbook) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1049
Multiple SQL injection vulnerabilities in Uiga Business Portal allow remote attackers to execute arbitrary SQL commands via the (1) noentryid parameter to blog/index.php and the (2) p parameter to index2.php.

CVE-2010-1050
SQL injection vulnerability in index.php in AudiStat 1.3 allows remote attackers to execute arbitrary SQL commands via the mday parameter.

CVE-2010-1054
Multiple SQL injection vulnerabilities in ParsCMS allow remote attackers to execute arbitrary SQL commands via the RP parameter to (1) fa_default.asp and (2) en_default.asp.

CVE-2010-1051
Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) month parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-1069
SQL injection vulnerability in games/game.php in ProArcadeScript allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1075
SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to execute arbitrary SQL commands via the subj parameter.

CVE-2010-1089
SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1093
SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a vp action.

CVE-2010-1096
Multiple SQL injection vulnerabilities in searchmatch.php in ScriptsFeed Dating Software allow remote attackers to execute arbitrary SQL commands via the (1) txtgender and (2) txtlookgender parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third p ...

CVE-2010-1265
SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2010-1277
SQL injection vulnerability in the user.authenticate method in the API in Zabbix 1.8 before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the user parameter in JSON data to api_jsonrpc.php.

CVE-2010-1365
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

CVE-2010-1366
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.

CVE-2010-1364
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information.

CVE-2010-1369
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.

CVE-2010-1359
SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro ...

CVE-2010-1370
SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.

CVE-2010-1431
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.

CVE-2010-1463
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.

CVE-2010-1468
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.

CVE-2010-1480
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1479
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.

CVE-2010-1477
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.

CVE-2010-1521
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.

CVE-2010-1559
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1615
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to ...

CVE-2010-1654
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.

CVE-2010-1701
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2010-1705
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.

CVE-2010-1857
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained sole ...

CVE-2010-1859
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.

CVE-2010-1863
SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter.

CVE-2010-1925
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.

CVE-2010-1918
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.

CVE-2010-1949
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1950
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the de ...

CVE-2010-2015
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php.

CVE-2010-2012
SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.

CVE-2010-2019
SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-2042
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-2051
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2095
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.

CVE-2010-2092
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the v ...

CVE-2010-2131
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.

CVE-2010-2139
SQL injection vulnerability in pages.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-2140
SQL injection vulnerability in itemdetail.php in Multishop CMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-2257
SQL injection vulnerability in index_ie.php in Pay Per Minute Video Chat Script 2.0 and 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-2254
SQL injection vulnerability in the Shape5 Bridge of Hope template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.

CVE-2010-2255
SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) component before 1.3.1, BF Survey Pro Free (com_bfsurvey_profree) component 1.2.6, and BF Survey Basic component before 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. ...

CVE-2010-2312
SQL injection vulnerability in index.php in HauntmAx Haunted House Directory Listing CMS allows remote attackers to execute arbitrary SQL commands via the state parameter in a listings action.

CVE-2010-2317
Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.

CVE-2010-2319
SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-2342
SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

CVE-2010-2340
SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.

CVE-2010-2335
SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.

CVE-2010-2508
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.

CVE-2010-2510
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.

CVE-2010-2516
Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely f ...

CVE-2010-2515
Multiple SQL injection vulnerabilities in index.php in the JFaq (com_jfaq) component 1.2 for Joomla!, when magic_quotes_gpc is disabled, allow (1) remote attackers to execute arbitrary SQL commands via the id parameter, and (2) remote authenticated users with "Public Front-end" permissions to execut ...

CVE-2010-2513
SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

CVE-2010-2512
SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2511
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.

CVE-2010-2577
Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow remote attackers to execute arbitrary SQL commands via the title parameter to (1) storyrss.php or (2) story.php.

CVE-2010-2614
SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action.

CVE-2010-2673
SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2672
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

CVE-2010-2679
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVE-2010-2678
SQL injection vulnerability in xmap (com_xmap) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2010-2690
SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) component 1.0.2, and possibly earlier, for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a consoles action to index.php.

CVE-2010-2686
Multiple SQL injection vulnerabilities in clientes.asp in the TopManage OLK module 1.91.30 for SAP allow remote attackers to execute arbitrary SQL commands via the (1) PriceFrom, (2) PriceTo, and (3) InvFrom parameters, as reachable from olk/c_p/searchCart.asp, and other unspecified vectors when per ...

CVE-2010-2683
SQL injection vulnerability in result.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the sub_catid parameter.

CVE-2010-2689
SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS allows remote attackers to execute arbitrary SQL commands via the cf_id parameter.

CVE-2010-2694
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.

CVE-2010-2699
SQL injection vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2010-2826
SQL injection vulnerability in Cisco Wireless Control System (WCS) 6.0.x before 6.0.196.0 allows remote authenticated users to execute arbitrary SQL commands via vectors related to the ORDER BY clause of the Client List screens, aka Bug ID CSCtf37019.

CVE-2010-2855
Multiple SQL injection vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) YourEmail and (2) VerificationNumber parameters. NOTE: the provenance of this information is unknown; the deta ...

CVE-2010-3013
SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter, a different vulnerability than CVE-2010-2577.

CVE-2010-3027
SQL injection vulnerability in index.php in Tycoon Baseball Script 1.0.9 allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a game_player action.

CVE-2010-3029
SQL injection vulnerability in statistics.php in PHPKick 0.8 allows remote attackers to execute arbitrary SQL commands via the gameday parameter in an overview action.

CVE-2010-3076
The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page.

CVE-2010-3267
Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bu ...

CVE-2010-3422
SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVE-2010-3428
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.

CVE-2010-3485
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. NOTE: the provenance of this information is unknown; the details are obtained solely from third ...

CVE-2010-3484
SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593.

CVE-2010-3482
Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.

CVE-2010-3604
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-3601
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.

CVE-2010-3608
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) password (pw) parameters to (a) admin.php or (b) user.php.

CVE-2010-3922
SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4143
SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4152
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.

CVE-2010-4166
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via (1) the filter_order parameter in a com_weblinks category action to index.php, (2) the filter_order_Dir parameter in a com_weblinks category action to index.php, or (3) ...

CVE-2010-4185
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.

CVE-2010-4271
SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4298
SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.

CVE-2010-4284
SQL injection vulnerability in the authentication form in the integrated web server in the Data Management Server (DMS) before 1.4.3 in Samsung Integrated Management System allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4280
Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to ind ...

CVE-2010-4360
Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from thir ...

CVE-2010-4363
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action.

CVE-2010-4362
Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp.

CVE-2010-4357
SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter.

CVE-2010-4356
SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter.

CVE-2010-4359
SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2010-4365
SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php.

CVE-2010-4400
SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter.

CVE-2010-4404
SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4500
Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. NOTE: the provenance of th ...

CVE-2010-4505
Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters.

CVE-2010-4503
SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.

CVE-2010-4517
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php.

CVE-2010-4609
SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action.

CVE-2010-4614
SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723.

CVE-2010-4632
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the articl ...

CVE-2010-4638
SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php.

CVE-2010-4703
SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-4696
Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. NOTE: the provenance of this ...

CVE-2010-4721
SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4720
SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the view item page.

CVE-2010-4736
SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the ECO_ID parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4735
SQL injection vulnerability in shoppingcart.asp in Ecommercemax Solutions Digital-goods seller (DGS) 1.5 allows remote attackers to execute arbitrary SQL commands via the d parameter.

CVE-2010-4739
SQL injection vulnerability in the Maian Media Silver (com_maianmedia) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a music action to index.php.

CVE-2010-4738
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.

CVE-2010-4737
SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropResort parameter.

CVE-2010-4771
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4770
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.

CVE-2010-4774
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.

CVE-2010-4784
Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2010-4782
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than ...

CVE-2010-4780
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these de ...

CVE-2010-4829
SQL injection vulnerability in processview.asp in Techno Dreams (T-Dreams) Cars Ads Package 2.0 allows remote attackers to execute arbitrary SQL commands via the key parameter.

CVE-2010-4830
SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno Dreams (T-Dreams) Job Career Package 3.0 allows remote attackers to execute arbitrary SQL commands via the z_Residency parameter.

CVE-2010-4834
Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the se ...

CVE-2010-4826
SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 allows remote attackers to execute arbitrary SQL commands via the M_NAME parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4839
SQL injection vulnerability in the Event Registration plugin 5.32 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the event_id parameter in a register action.

CVE-2010-4838
SQL injection vulnerability in the JSupport (com_jsupport) component 1.5.6 for Joomla! allows remote authenticated users, with Public Back-end permissions, to execute arbitrary SQL commands via the alpha parameter in a (1) listTickets or (2) listFaqs action to administrator/index.php.

CVE-2010-4842
SQL injection vulnerability in admin/login.php in MHP DownloadScript (aka MH Products Download Center) 2.2 allows remote attackers to execute arbitrary SQL commands via the Name parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4851
Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote attackers to execute arbitrary SQL commands via the (1) ref or (2) poll_id parameter to index.php, or the (3) country parameter to create_account.php.

CVE-2010-4859
SQL injection vulnerability in index.php in WebAsyst Shop-Script allows remote attackers to execute arbitrary SQL commands via the blog_id parameter in a news action.

CVE-2010-4856
SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the tarih parameter.

CVE-2010-4855
SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote attackers to execute arbitrary SQL commands via the makale_id parameter.

CVE-2010-4849
SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B 3.4 allows remote attackers to execute arbitrary SQL commands via the es_id parameter.

CVE-2010-4864
SQL injection vulnerability in the Club Manager (com_clubmanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cm_id parameter in an equip presenta action to index.php.

CVE-2010-4887
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4876
SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows remote attackers to execute arbitrary SQL commands via the postID parameter.

CVE-2010-4897
SQL injection vulnerability in comment.php in BlueCMS 1.6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header in a send action.

CVE-2010-4891
SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4898
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.

CVE-2010-4888
SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4906
SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 and 1.3.1.2 allows remote attackers to execute arbitrary SQL commands via the a parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4902
Multiple SQL injection vulnerabilities in the Clantools (com_clantools) component 1.2.3 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) squad or (2) showgame parameter to index.php.

CVE-2010-4903
SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote attackers to execute arbitrary SQL commands via the searchStr parameter.

CVE-2010-4904
SQL injection vulnerability in the Aardvertiser (com_aardvertiser) component 2.1 and 2.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_name parameter in a view action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-4905
SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter.

CVE-2010-4922
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.

CVE-2010-4923
SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter.

CVE-2010-4926
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.

CVE-2010-4927
SQL injection vulnerability in the Restaurant Guide (com_restaurantguide) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a country action to index.php.

CVE-2010-4929
SQL injection vulnerability in the Joostina (com_ezautos) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the firstCode parameter in a helpers action to index.php.

CVE-2010-4933
SQL injection vulnerability in filemgmt/singlefile.php in Geeklog 1.3.8 allows remote attackers to execute arbitrary SQL commands via the lid parameter.

CVE-2010-4934
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4935
SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVE-2010-4936
SQL injection vulnerability in the Slide Show (com_slideshow) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2010-4937
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.

CVE-2010-4938
SQL injection vulnerability in the Weblinks (com_weblinks) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a categories action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third par ...

CVE-2010-4950
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4946
SQL injection vulnerability in product_info.php in ALLPC 2.5 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.

CVE-2010-4941
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.

CVE-2010-4958
SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-4963
SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.

CVE-2010-4970
SQL injection vulnerability in handlers/getpage.php in Wiki Web Help 0.28 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4968
SQL injection vulnerability in the webmaster-tips.net Flash Gallery (com_wmtpic) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2010-4969
SQL injection vulnerability in articlesdetails.php in BrotherScripts (BS) Business Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4986
SQL injection vulnerability in detail.php in Simple Document Management System (SDMS) allows remote attackers to execute arbitrary SQL commands via the doc_id parameter.

CVE-2010-4983
SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-5000
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information.

CVE-2010-5004
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2010-4997
SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action.

CVE-2010-5008
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.

CVE-2010-5006
SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter.

CVE-2010-5020
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-5022
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

CVE-2010-5024
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-5029
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.

CVE-2010-5019
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

CVE-2010-5037
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVE-2010-5053
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.

CVE-2010-5049
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.

CVE-2010-5063
SQL injection vulnerability in article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers to execute arbitrary SQL commands via the ratearticleselect parameter.

CVE-2010-5059
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.

CVE-2010-5096
** DISPUTED ** Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, ...

CVE-2011-0432
Multiple SQL injection vulnerabilities in the get_userinfo method in the MySQLAuthHandler class in DAVServer/mysqlauth.py in PyWebDAV before 0.9.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) user or (2) pw argument. NOTE: some of these details are obtained from third part ...

CVE-2011-0519
SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-1048
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-1047
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to index.php, which is not properly handled by wpf.class.php, (2) id para ...

CVE-2011-1480
SQL injection vulnerability in admin.php in the administration backend in Francisco Burzi PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the chng_uid parameter.

CVE-2011-1522
Multiple SQL injection vulnerabilities in the Doctrine\DBAL\Platforms\AbstractPlatform::modifyLimitQuery function in Doctrine 1.x before 1.2.4 and 2.x before 2.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset field.

CVE-2011-1557
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546. NOTE: the provenance of this information is unknown; the details are obtained solely f ...

CVE-2011-1555
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546. NOTE: some of these details are obtained from third party information.

CVE-2011-1903
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2011-1915
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2181
Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) 3.3-rc2 allow remote attackers to execute arbitrary SQL commands via the (1) arsc_user parameter to base/admin/edit_user.php, (2) arsc_layout_id parameter in base/admin/edit_layout.php, or (3) arsc_room parameter to base/admin/edi ...

CVE-2011-2751
SQL injection vulnerability in Parodia before 6.809 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2917
SQL injection vulnerability in administrator/index2.php in Mambo CMS 4.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the zorder parameter.

CVE-2011-3340
SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

CVE-2011-3394
SQL injection vulnerability in findagent.php in MYRE Real Estate Software allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2011-3688
Multiple SQL injection vulnerabilities in Sonexis ConferenceManager 9.3.14.0 allow remote attackers to execute arbitrary SQL commands via (1) the g parameter to Conference/Audio/AudioResourceContainer.asp or (2) the txtConferenceID parameter to Login/HostLogin.asp.

CVE-2011-4215
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.

CVE-2011-4292
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.

CVE-2011-4349
Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) cd-device-db.c in colord before 0.1.15 allow local users to execute arbitrary SQL commands via vectors related to color devices and (a) device id, (b) property, or (c) profile id.

CVE-2011-4448
SQL injection vulnerability in actions/usersettings/usersettings.php in WikkaWiki 1.3.1 and 1.3.2 allows remote attackers to execute arbitrary SQL commands via the default_comment_display parameter in an update action.

CVE-2011-4487
SQL injection vulnerability in Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x before 7.1(5b)su5, 8.0 before 8.0(3a)su3, and 8.5 and 8.6 before 8.6(2a)su1 and Cisco Business Edition 3000 with software before 8.6.3 and 5000 and 6000 with software before 8.6(2a)su1 allows remote ...

CVE-2011-4521
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.

CVE-2011-4542
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.

CVE-2011-4638
Multiple SQL injection vulnerabilities in SpamTitan WebTitan before 3.60 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to login-x.php, and allow remote authenticated users to execute arbitrary SQL commands via the (2) bldomain, (3) wldomain, or (4) temid par ...

CVE-2011-4671
SQL injection vulnerability in adrotate/adrotate-out.php in the AdRotate plugin 3.6.6, and other versions before 3.6.8, for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter (aka redirect URL).

CVE-2011-4710
Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 allow remote attackers to execute arbitrary SQL commands via the (1) pixie_user parameter and (2) Referer HTTP header in a request to the default URI.

CVE-2011-4811
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.

CVE-2011-4808
SQL injection vulnerability in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a fnd_home action to index.php.

CVE-2011-4801
SQL injection vulnerability in akeyActivationLogin.do in Authenex Web Management Control in Authenex Strong Authentication System (ASAS) Server 3.1.0.2 and 3.1.0.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2011-4802
Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sortfield, (2) sortorder, and (3) sall parameters to user/index.php and (b) user/group/index.php; the id parameter to (4) info.php, (5) perm ...

CVE-2011-4803
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-4823
Multiple SQL injection vulnerabilities in Vik Real Estate (com_vikrealestate) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) contract parameter in a results action and (2) imm parameter in a show action to index.php.

CVE-2011-4826
SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information.

CVE-2011-4829
SQL injection vulnerability in the com_listing component in Barter Sites component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter to index.php.

CVE-2011-4949
SQL injection vulnerability in phpgwapi/js/dhtmlxtree/samples/with_db/loaddetails.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-4959
SQL injection vulnerability in the addslashes method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6, when connected to a MySQL database using far east character encodings, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-4960
SQL injection vulnerability in the Folder::findOrMake method in SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-5022
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.

CVE-2011-5071
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) searc ...

CVE-2011-5072
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to portal/kb.php; (2) contractid parameter to contract_add_service.php; (3) id parameter to edit_escalation_path.php; (4) unl ...

CVE-2011-5076
SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information.

CVE-2011-5112
SQL injection vulnerability in Alameda (com_alameda) component before 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the storeid parameter to index.php.

CVE-2011-5116
SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, 5.11.2, and earlier allows remote attackers to execute arbitrary SQL commands via the loggedInUser cookie.

CVE-2011-5113
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2011-5169
SQL injection vulnerability in sgms/reports/scheduledreports/configure/scheduleProps.jsp in SonicWall ViewPoint 6.0 SP2 allows remote attackers to execute arbitrary SQL commands via the scheduleID parameter.

CVE-2011-5168
SQL injection vulnerability in user.php in Banana Dance before B.1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-5183
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.

CVE-2011-5175
SQL injection vulnerability in search.php in Banana Dance, possibly B.1.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2012-0234
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.

CVE-2012-0244
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.

CVE-2012-0293
Multiple SQL injection vulnerabilities in Symantec Altiris WISE Package Studio before 8.0MR1 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-0337
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.

CVE-2012-0912
SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-0973
Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the sCategory parameter to index.php, which is not properly handled by the (1) osc_search_category_id function in oc-includes/osclass/helpers/hSearch.php and (2) findBySlug fun ...

CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.

CVE-2012-1077
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1225
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

CVE-2012-1234
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

CVE-2012-1255
SQL injection vulnerability in Segue 2.2.10.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1557
SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vect ...

CVE-2012-1603
Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function.

CVE-2012-1638
SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the "use search_autocomplete" permission to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1815
SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-2007
SQL injection vulnerability in HP Performance Insight for Networks 5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-2109
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.

CVE-2012-2236
SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.

CVE-2012-2306
SQL injection vulnerability in the Addressbook module for Drupal 6.x-4.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-2324
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.7 allow remote administrators to execute arbitrary SQL commands via unspecified vectors in the (1) user search or (2) Mail Log in the Admin Control Panel (ACP).

CVE-2012-2325
SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-2332
SQL injection vulnerability in serendipity/serendipity_admin.php in Serendipity before 1.6.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[plugin_to_conf] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).

CVE-2012-2338
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.

CVE-2012-2363
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.

CVE-2012-2574
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to a "blind SQL injection" issue.

CVE-2012-2684
Multiple SQL injection vulnerabilities in the get_sample_filters_by_signature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to execute arbitrary SQL commands via the (1) agent or (2) object id.

CVE-2012-2740
SQL injection vulnerability in public_html/lists/admin in phpList before 2.10.18 allows remote attackers to execute arbitrary SQL commands via the sortby parameter in a find action.

CVE-2012-2951
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candidate is a duplicate of CVE-2007-6587. Notes: All CVE users should reference CVE-2007-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent acciden ...

CVE-2012-2961
SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-2998
SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-3032
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted SOAP message.

CVE-2012-3395
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data.

CVE-2012-3469
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) ...

CVE-2012-3468
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/controllers/alerts.php, (2) the save_all function in application/models/settings.php, or (3) the media typ ...

CVE-2012-3470
Multiple SQL injection vulnerabilities in application/libraries/api/MY_Countries_Api_Object.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to _get_countries functions.

CVE-2012-3471
Multiple SQL injection vulnerabilities in the edit functions in (1) application/controllers/admin/reports.php and (2) application/controllers/members/reports.php in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via an incident id.

CVE-2012-3477
SQL injection vulnerability in signup_check.php in NeoInvoice allows remote attackers to execute arbitrary SQL commands via the value parameter in a username action.

CVE-2012-3554
SQL injection vulnerability in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-3881
Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) 95.php, (2) view.php, or (3) rtg.php.

CVE-2012-3951
The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session.

CVE-2012-3998
Multiple SQL injection vulnerabilities in Sticky Notes before 0.2.27052012.5 allow remote attackers to execute arbitrary SQL commands via the (1) paste id in admin/modules/mod_pastes.php or (2) show.php, (3) user id to admin/modules/mod_users.php, (4) project to list.php, or (5) session id to show.p ...

CVE-2012-4070
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.

CVE-2012-4237
Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow remote authenticated users with level 5 or greater permissions to execute arbitrary SQL commands via the subject_module_id parameter to (1) tce_edit_answer.php or (2) tce_edit_question.php.

CVE-2012-4265
SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2012-4258
Multiple SQL injection vulnerabilities in MYRE Real Estate Software (2012 Q2) allow remote attackers to execute arbitrary SQL commands via the (1) link_idd parameter to 1_mobile/listings.php or (2) userid parameter to 1_mobile/agentprofile.php.

CVE-2012-4279
Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to agentdisplay.php or (2) edit parameter to admin/admin.php.

CVE-2012-4673
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list_items function, a different vulnerability than CVE-2012-3477.

CVE-2012-4686
SQL injection vulnerability in announcement.php in vBulletin 4.1.10 allows remote attackers to execute arbitrary SQL commands via the announcementid parameter.

CVE-2012-4868
SQL injection vulnerability in news.php in the Kunena component 1.7.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5317
SQL injection vulnerability in main_bigware_43.php in Bigware Shop before 2.1.5 allows remote attackers to execute arbitrary SQL commands via the lastname parameter in a process action.

CVE-2012-5328
Multiple SQL injection vulnerabilities in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress might allow remote authenticated users to execute arbitrary SQL commands via the (1) memberid or (2) groupid parameters in a removemember action or (3) id parameter to fs-admin/f ...

CVE-2008-5882
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.

CVE-2009-2579
SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.

CVE-2011-2930
Multiple SQL injection vulnerabilities in the quote_table_name method in the ActiveRecord adapters in activerecord/lib/active_record/connection_adapters/ in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allow remote attackers to execute arbitrary SQL commands via a cra ...

CVE-2011-0553
SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-0448
Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the limit function specify integer values, which makes it easier for remote attackers to conduct SQL injection attacks via a non-numeric argument.

CVE-2012-2695
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query parameter ...

CVE-2012-2661
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveRecord class, which allows remote attackers to conduct certain SQL injection attacks via nested query par ...

CVE-2011-1342
SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ASP before 5.1.1, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-2113
SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually ...

CVE-2007-2111
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for m ...

CVE-2007-5508
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) ...

CVE-2012-3132
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.

CVE-2005-2983
SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes.

CVE-2005-3046
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.

CVE-2005-4349
** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of th ...

CVE-2005-3543
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.

CVE-2012-0868
CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL ...

CVE-2010-4257
SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

CVE-2009-5026
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

CVE-2012-2311
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that contain a %3D sequence but no = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options ...

CVE-2003-0286
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.

CVE-2005-1017
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.

CVE-2005-1487
** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The origin ...

CVE-2005-3553
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).

CVE-2005-3817
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email ...

CVE-2005-3845
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this sm ...

CVE-2004-1339
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.

CVE-2005-1500
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth ...

CVE-2005-3646
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.

CVE-2005-3996
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

CVE-2005-4011
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2005-4040
SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp.

CVE-2005-4058
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php.

CVE-2005-4071
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.

CVE-2005-4198
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.

CVE-2005-4382
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.

CVE-2005-4380
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; ...

CVE-2005-4500
SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.

CVE-2005-4515
** DISPUTED ** SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the cl ...

CVE-2005-4711
SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2006-0146
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL ...

CVE-2006-0160
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.

CVE-2006-0192
SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp.

CVE-2006-0205
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields i ...

CVE-2006-0199
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.

CVE-2006-0249
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).

CVE-2006-0240
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.

CVE-2006-0269
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent ...

CVE-2006-0318
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.

CVE-2006-0403
Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. NOTE: some sources have reported item 1 as involving the "monthly" parameter, but this is incorrect.

CVE-2006-0413
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter.

CVE-2006-0412
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.

CVE-2006-0510
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.

CVE-2006-0586
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_ ...

CVE-2006-0692
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.

CVE-2006-0750
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.

CVE-2006-0772
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.

CVE-2006-0897
** DISPUTED ** SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained s ...

CVE-2006-1006
Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.

CVE-2006-1018
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action.

CVE-2006-1330
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

CVE-2006-1360
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.

CVE-2006-1501
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.

CVE-2006-1500
SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2006-1676
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PN ...

CVE-2006-1751
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2006-1871
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.

CVE-2006-1962
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

CVE-2006-2103
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) tit ...

CVE-2006-2128
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.p ...

CVE-2006-2239
SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter.

CVE-2006-2259
SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter.

CVE-2006-2301
SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields.

CVE-2006-2416
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

CVE-2006-2760
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

CVE-2006-2977
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.

CVE-2006-3139
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

CVE-2006-3181
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.

CVE-2006-3318
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.

CVE-2006-3775
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.

CVE-2006-4010
SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: other vectors are covered by CVE-2006-3139.

CVE-2006-4214
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated user ...

CVE-2006-4564
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter.

CVE-2006-4736
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information.

CVE-2006-4785
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb la ...

CVE-2006-5606
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.

CVE-2006-5829
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) ...

CVE-2006-5840
** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor ...

CVE-2006-6048
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2006-6095
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already ...

CVE-2002-2252
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.

CVE-2002-2277
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables.

CVE-2002-2305
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.

CVE-2003-1435
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.

CVE-2003-1504
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.

CVE-2004-2716
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.

CVE-2004-2737
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.

CVE-2004-2746
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2004-2751
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

CVE-2006-6337
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.

CVE-2006-6747
SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter.

CVE-2006-6912
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.

CVE-2006-7118
SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

CVE-2006-7138
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. ...

CVE-2007-0350
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.

CVE-2007-0520
SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter.

CVE-2007-0527
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-0642
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.

CVE-2007-1154
SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

CVE-2007-1469
SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

CVE-2007-2230
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors ...

CVE-2007-2898
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.

CVE-2007-2997
** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql i ...

CVE-2007-3063
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.

CVE-2007-3677
Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages.

CVE-2007-3909
Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.

CVE-2007-4173
SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.

CVE-2007-4207
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters.

CVE-2007-4491
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4540
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.

CVE-2007-4611
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4716
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-4719
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4762
Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.

CVE-2007-4777
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.

CVE-2007-4810
Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.

CVE-2007-4835
SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

CVE-2007-4837
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4881
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.

CVE-2007-4863
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.

CVE-2007-5104
SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-5084
Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and p ...

CVE-2007-5141
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2007-5180
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.

CVE-2007-5181
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.

CVE-2007-5189
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.

CVE-2007-5402
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwd ...

CVE-2007-5704
Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.

CVE-2007-5836
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from ...

CVE-2007-5916
SQL injection vulnerability in the login page in phphelpdesk 0.6.16 allows remote attackers to execute arbitrary SQL commands via unspecified parameters related to the "login procedures."

CVE-2007-5976
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.

CVE-2007-5978
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.

CVE-2007-5975
SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-5991
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.

CVE-2007-6035
SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter.

CVE-2007-6140
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.

CVE-2007-6159
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.

CVE-2007-6158
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.

CVE-2007-6171
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2007-6163
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-6169
SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informa ...

CVE-2002-2304
SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter.

CVE-2002-2383
SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names.

CVE-2003-1458
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.

CVE-2003-1523
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.

CVE-2004-2695
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.

CVE-2007-0695
Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, ...

CVE-2007-1302
SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.

CVE-2007-1548
SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are colla ...

CVE-2007-3399
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php.

CVE-2007-3884
SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected.

CVE-2007-4634
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin lo ...

CVE-2007-4778
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this m ...

CVE-2007-4892
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.

CVE-2007-4894
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters r ...

CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

CVE-2007-5488
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.

CVE-2007-5688
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.

CVE-2007-5986
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-6012
SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information.

CVE-2007-6170
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.

CVE-2006-7231
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2007-6269
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.

CVE-2007-6266
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, dif ...

CVE-2007-6272
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_searc ...

CVE-2007-6291
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.

CVE-2007-6288
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-6318
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

CVE-2007-6338
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.

CVE-2007-6345
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party informati ...

CVE-2007-6381
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-6373
Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.

CVE-2007-6375
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code ...

CVE-2007-6467
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.

CVE-2007-6517
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.

CVE-2007-6518
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.

CVE-2007-6538
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6587
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6634
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.

CVE-2007-6671
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.

CVE-2008-0026
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.

CVE-2008-0130
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely fro ...

CVE-2008-0173
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.

CVE-2008-0267
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) pas ...

CVE-2008-0281
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.

CVE-2008-0286
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.

CVE-2008-0363
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.

CVE-2008-0383
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads actio ...

CVE-2008-0451
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) ...

CVE-2008-0449
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0487
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.

CVE-2008-0499
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-0543
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information.

CVE-2008-0733
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.

CVE-2008-0744
SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.

CVE-2008-0762
SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.

CVE-2008-0750
SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

CVE-2008-0771
Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.

CVE-2008-0817
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

CVE-2008-0815
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task.

CVE-2008-0845
SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter.

CVE-2008-0856
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0854
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.

CVE-2008-0849
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.

CVE-2008-0879
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.

CVE-2008-0918
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information ...

CVE-2008-0908
SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-0943
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.

CVE-2008-0942
SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter.

CVE-2008-1220
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-1219
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

CVE-2008-1298
SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php.

CVE-2008-1315
SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.

CVE-2008-1314
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.

CVE-2008-1354
SQL injection vulnerability in MyIssuesView.asp in Advanced Data Solutions Virtual Support Office-XP (VSO-XP) allows remote attackers to execute arbitrary SQL commands via the Issue_ID parameter.

CVE-2008-1486
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

CVE-2008-1508
SQL injection vulnerability in EfesTech E-Kont��r and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1540
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely ...

CVE-2008-1549
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a differen ...

CVE-2008-1607
SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.

CVE-2008-1631
SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.

CVE-2008-1632
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) ...

CVE-2008-1641
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.

CVE-2008-1644
SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-1699
SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter.

CVE-2008-1733
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php.

CVE-2008-1840
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.

CVE-2008-1844
SQL injection vulnerability in cat.php in W2B phpHotResources allows remote attackers to execute arbitrary SQL commands via the kind parameter.

CVE-2008-1843
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.

CVE-2008-1841
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April ...

CVE-2008-1890
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-1968
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.

CVE-2008-2038
Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details a ...

CVE-2008-2034
SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party in ...

CVE-2008-2067
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.

CVE-2008-2094
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2118
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2130
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2184
Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the pro ...

CVE-2008-2203
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

CVE-2008-2208
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

CVE-2008-2205
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.

CVE-2008-2231
SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.

CVE-2008-2286
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.

CVE-2008-2334
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) forumid parameter to (a) admin/philboard_admin-forumedit.asp, (b) admin/philboard_admin-forum.asp, and (c) W1L3D4_foruma_yeni_konu_ac.asp; the (2) id parameter to (d) W ...

CVE-2008-2339
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.

CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable.

CVE-2008-2380
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.

CVE-2008-2412
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2422
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-2428
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.

CVE-2008-2425
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...

CVE-2008-2451
Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-2460
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.

CVE-2008-2479
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.

CVE-2008-2492
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.

CVE-2008-2491
SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-2489
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."

CVE-2008-2498
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.

CVE-2008-2510
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.

CVE-2008-2509
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.

CVE-2008-2523
SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-2642
SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information.

CVE-2008-2667
SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified oth ...

CVE-2008-2685
SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626.

CVE-2008-2757
SQL injection vulnerability in search.asp in Xigla Absolute News Manager XE 3.2 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

CVE-2008-2763
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

CVE-2008-2762
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

CVE-2008-2760
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.

CVE-2008-2767
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.

CVE-2008-2765
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

CVE-2008-2775
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-2781
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.

CVE-2008-2819
SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-2850
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.

CVE-2008-2925
SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-2968
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

CVE-2008-2999
Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3039
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3038
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3034
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

CVE-2008-3044
SQL injection vulnerability in the News Calendar (newscalendar) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3051
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3053
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3058
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeyw ...

CVE-2008-3056
SQL injection vulnerability in the Codeon Petition (cd_petition) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3055
SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3054
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3063
SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2008-3092
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3090
Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.

CVE-2008-3122
Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors.

CVE-2008-3151
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

CVE-2008-3206
SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2008-3212
Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this informati ...

CVE-2008-3223
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."

CVE-2008-3258
Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-3297
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.

CVE-2008-3306
SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party i ...

CVE-2008-3347
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.

CVE-2008-3345
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.

CVE-2008-3343
SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action.

CVE-2008-3341
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inform ...

CVE-2008-3359
SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely fro ...

CVE-2008-3370
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.

CVE-2008-3388
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.

CVE-2008-3393
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.

CVE-2008-3495
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.

CVE-2008-3512
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.

CVE-2008-3513
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php.

CVE-2008-3556
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.

CVE-2008-3561
SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter.

CVE-2008-3582
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2008-3672
SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. NOTE: the provenance of this information is unknown; the details are obtained solely from third party i ...

CVE-2008-3682
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.

CVE-2008-3701
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.

CVE-2008-3722
SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-3724
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.

CVE-2008-3752
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3753
SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3774
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3867
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter.

CVE-2008-3880
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.

CVE-2008-3887
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a view ...

CVE-2008-3918
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-3942
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3948
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.

CVE-2008-4046
SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4094
Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer.

CVE-2008-4143
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4148
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.

CVE-2008-4172
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

CVE-2008-4186
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-4303
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.

CVE-2008-4328
SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters.

CVE-2008-4338
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, ...

CVE-2008-4344
SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

CVE-2008-4348
SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4431
SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

CVE-2008-4433
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.

CVE-2008-4458
SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action.

CVE-2008-4459
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-4487
SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. NOTE: the provenance of this information is unknown; the details are obt ...

CVE-2008-4525
SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action.

CVE-2008-4531
SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338.

CVE-2008-4534
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4611
SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter.

CVE-2008-4633
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."

CVE-2008-4651
Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php.

CVE-2008-4647
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-4660
SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-4701
SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the detai ...

CVE-2008-4743
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-4744
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2008-4746
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp.

CVE-2008-4766
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-4768
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are obtained solely from ...

CVE-2008-4777
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

CVE-2008-4804
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unrelia ...

CVE-2008-4806
Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party info ...

CVE-2008-4904
SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.

CVE-2008-4991
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.

CVE-2008-5064
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-5057
SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-5055
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.

CVE-2008-5122
SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter.

CVE-2008-5163
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.

CVE-2008-5165
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.

CVE-2008-5222
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.

CVE-2008-5655
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vector ...

CVE-2008-5796
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5797
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5798
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5800
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-5813
SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-5940
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-5954
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the de ...

CVE-2008-5946
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

CVE-2008-5970
SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVE-2008-5975
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-5977
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.

CVE-2008-5998
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, ...

CVE-2008-6020
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."

CVE-2008-6013
Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages.

CVE-2008-6016
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6015
Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6019
SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6026
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-6069
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

CVE-2008-6075
SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6120
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.

CVE-2009-0302
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.

CVE-2009-0332
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.

CVE-2009-0326
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-0339
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.

CVE-2009-0402
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3 ...

CVE-2009-0401
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2003-1573
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* ...

CVE-2008-6134
SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6155
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6189
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.

CVE-2008-6203
SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6236
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from thi ...

CVE-2008-6256
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.

CVE-2008-6255
Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) answer parameter to admincp/verify.php, (2) extension parameter in an edit action to admincp/attachmentpermission.php, and the (3) iperm parameter to admi ...

CVE-2008-6266
SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.

CVE-2008-6262
SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6276
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.

CVE-2008-6304
SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6326
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6368
SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter.

CVE-2008-6376
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the password (pass parameter).

CVE-2008-6383
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6391
SQL injection vulnerability in main.asp in Jbook allows remote attackers to execute arbitrary SQL commands via the username (user parameter).

CVE-2008-6392
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-6418
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

CVE-2008-6434
SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter.

CVE-2008-6443
SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter.

CVE-2008-6461
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6460
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6456
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6458
SQL injection vulnerability in the FE address edit for tt_address & direct mail (dmaddredit) extension 0.4.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6457
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6459
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6462
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6517
SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter.

CVE-2008-6573
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web inte ...

CVE-2008-6572
SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVE-2008-6595
SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6594
SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-6615
SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to execute arbitrary SQL commands via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inform ...

CVE-2008-6618
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.

CVE-2008-6640
Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6678
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.

CVE-2008-6686
SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6692
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6691
SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6694
SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6693
SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6689
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6695
SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6696
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6697
SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2008-6753
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.

CVE-2008-6779
SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php.

CVE-2008-6803
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6837
SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-6865
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.

CVE-2008-6866
SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action.

CVE-2008-6880
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-6875
SQL injection vulnerability in default.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-5220.

CVE-2008-6890
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.

CVE-2008-6887
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.

CVE-2008-6970
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

CVE-2008-6968
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

CVE-2008-6980
SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information.

CVE-2008-6985
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.

CVE-2008-7030
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be inc ...

CVE-2008-7033
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unrel ...

CVE-2008-7040
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.

CVE-2008-7059
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.

CVE-2008-7226
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.

CVE-2009-0709
SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-0706
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

CVE-2009-0730
Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly hand ...

CVE-2009-0808
Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-0825
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-1027
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.

CVE-2009-1034
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.

CVE-2009-1065
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-1208
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.

CVE-2009-1245
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/s ...

CVE-2009-1258
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-1362
SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-1481
SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obt ...

CVE-2009-1505
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

CVE-2009-1657
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-1731
SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie.

CVE-2009-1842
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

CVE-2009-1843
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_nu ...

CVE-2009-2008
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

CVE-2009-2004
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.

CVE-2009-2093
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-2232
SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2243
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2365
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-2545
SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third p ...

CVE-2009-2590
SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2009-2734
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.

CVE-2009-2789
SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party inform ...

CVE-2009-2790
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.

CVE-2009-2888
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.

CVE-2009-2885
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.

CVE-2009-2886
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.

CVE-2009-2894
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.

CVE-2009-2891
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2009-2978
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-3081
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-3203
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-3205
SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action.

CVE-2009-3208
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.

CVE-2009-3209
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2009-3212
SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.

CVE-2009-3255
SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.

CVE-2009-3259
Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. ...

CVE-2009-3438
SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php.

CVE-2009-3434
SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php.

CVE-2009-3436
Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. NOTE: this might overlap CVE-2005-1417.

CVE-2009-3501
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.

CVE-2009-3480
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information ...

CVE-2009-3505
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.

CVE-2009-3532
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.

CVE-2009-3533
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.

CVE-2009-3632
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters ...

CVE-2009-3697
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.

CVE-2009-3778
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-3788
SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter.

CVE-2009-3834
SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php.

CVE-2009-3835
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.

CVE-2009-3913
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.

CVE-2009-4057
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php.

CVE-2009-4059
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.

CVE-2009-4058
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.

CVE-2009-4060
SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

CVE-2009-4084
SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4099
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4218
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details ar ...

CVE-2009-4221
SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767.

CVE-2009-4229
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenanc ...

CVE-2009-4256
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.

CVE-2009-4263
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2009-4338
SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2009-4337
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.

CVE-2009-4339
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2009-4342
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2009-4341
SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2009-4351
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.

CVE-2009-4360
SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVE-2009-4414
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.

CVE-2009-4424
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4423
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4428
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.

CVE-2009-4437
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.

CVE-2009-4436
Multiple SQL injection vulnerabilities in Active Web Softwares eWebquiz 8 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp, different vectors than CVE-2007-1706.

CVE-2009-4566
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2009-4569
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.

CVE-2009-4577
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.

CVE-2009-4574
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

CVE-2009-4576
SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php.

CVE-2009-4571
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_f ...

CVE-2009-4583
SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php.

CVE-2009-4582
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4599
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.

CVE-2009-4598
SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php.

CVE-2009-4597
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass ( ...

CVE-2009-4591
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2009-4600
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.

CVE-2009-4731
SQL injection vulnerability in photos.php in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allows remote attackers to execute arbitrary SQL commands via the album parameter.

CVE-2009-4742
Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index. ...

CVE-2009-4751
SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

CVE-2009-4795
Multiple SQL injection vulnerabilities in Xlight FTP Server before 3.2.1, when ODBC authentication is enabled, allow remote attackers to execute arbitrary SQL commands via the (1) USER (aka username) or (2) PASS (aka password) command.

CVE-2009-4865
Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained fr ...

CVE-2009-4947
SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 Solutions ConnX 4.0.20080606 allows remote attackers to execute arbitrary SQL commands via the txtEmail parameter.

CVE-2009-5003
SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter.

CVE-2010-0112
Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related to the sGetDefinition function in rdServer.dll, and ...

CVE-2010-0115
SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter.

CVE-2010-0122
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

CVE-2010-0147
SQL injection vulnerability in the Management Center for Cisco Security Agents 5.1 before 5.1.0.117, 5.2 before 5.2.0.296, and 6.0 before 6.0.1.132 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0375
SQL injection vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-0373
SQL injection vulnerability in the libros (com_libros) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2010-0372
SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php.

CVE-2010-0458
Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to index.php and the (2) note parameter to blog.php.

CVE-2010-0459
SQL injection vulnerability in the Mochigames (com_mochigames) component 0.51 and possibly other versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2010-0456
SQL injection vulnerability in the indianpulse Game Server (com_gameserver) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the grp parameter in a gameserver action to index.php.

CVE-2010-0457
SQL injection vulnerability in home.php in magic-portal 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0461
SQL injection vulnerability in the casino (com_casino) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) category or (2) player action to index.php.

CVE-2010-0469
SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, and possibly other versions and models, allows remote attackers to execute arbitrary SQL commands via unspecified parameters to the login page.

CVE-2010-0614
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.

CVE-2010-0610
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for the id parameter to detail.php may also exist.

CVE-2010-0611
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2010-0632
SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action to index.php.

CVE-2010-0630
SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0672
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter.

CVE-2010-0694
SQL injection vulnerability in the PerchaGallery (com_perchagallery) component before 1.5b for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an editunidad action to index.php.

CVE-2010-0693
SQL injection vulnerability in products.php in CommodityRentals Trade Manager Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2010-0690
SQL injection vulnerability in index.php in CommodityRentals Video Games Rentals allows remote attackers to execute arbitrary SQL commands via the pfid parameter in a catalog action.

CVE-2010-0698
SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC CMS 2.2 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-0712
Multiple SQL injection vulnerabilities in zport/dmd/Events/getJSONEventsInfo in Zenoss 2.3.3, and other versions before 2.5, allow remote authenticated users to execute arbitrary SQL commands via the (1) severity, (2) state, (3) filter, (4) offset, and (5) count parameters.

CVE-2010-0702
SQL injection vulnerability in cisco/services/PhonecDirectory.php in Fonality Trixbox 2.2.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-0701
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-0722
SQL injection vulnerability in news.php in Php Auktion Pro allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0723
SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0720
SQL injection vulnerability in news.php in Erotik Auktionshaus allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0721
SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0753
SQL injection vulnerability in the SQL Reports (com_sqlreport) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter to ajax/print.php. NOTE: some of these details are obtained from third party information.

CVE-2010-0761
SQL injection vulnerability in index.php in CommodityRentals Books/eBooks Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a gamecatalog action.

CVE-2010-0764
SQL injection vulnerability in index.php in KuwaitPHP eSmile allows remote attackers to execute arbitrary SQL commands via the cid parameter in a show action.

CVE-2010-0762
SQL injection vulnerability in index.php in CommodityRentals CD Rental Software allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.

CVE-2010-0758
SQL injection vulnerability in news_desc.php in Softbiz Jobs allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0795
SQL injection vulnerability in the JE Event Calendars (com_jeeventcalendar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an event action to index.php.

CVE-2010-0796
SQL injection vulnerability in the JE Quiz (com_jequizmanagement) component 1.b01 for Joomla! allows remote attackers to execute arbitrary SQL commands via the eid parameter in a question action to index.php.

CVE-2010-0803
SQL injection vulnerability in the jVideoDirect (com_jvideodirect) component 1.1 RC3b for Joomla! allows remote attackers to execute arbitrary SQL commands via the v parameter to index.php.

CVE-2010-0800
SQL injection vulnerability in the Ossolution Team Documents Seller (aka DMS) (com_dms) component 2.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a view_category action to index.php.

CVE-2010-0948
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0946
SQL injection vulnerability in the Keep It Simple Stupid (KISS) Software Advertiser (com_ksadvertiser) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showcats action to index.php.

CVE-2010-0945
SQL injection vulnerability in the HotBrackets Tournament Brackets (com_hotbrackets) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2010-0964
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

CVE-2010-0955
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0954
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.

CVE-2010-0951
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.

CVE-2010-0952
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.

CVE-2010-0950
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.

CVE-2010-0970
SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-0973
SQL injection vulnerability in index.php in phppool media Domain Verkaus and Auktions Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-0974
Multiple SQL injection vulnerabilities in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) video_show.php, (2) spotlight_detail.php, (3) real_estate_details.php, and (4) auto_details.php.

CVE-2010-0980
SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats 1.1 allows remote attackers to execute arbitrary SQL commands via the steamid parameter.

CVE-2010-0981
SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php.

CVE-2010-1024
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1026
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1027
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1047
SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a singer action.

CVE-2010-1044
SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 allows remote attackers to execute arbitrary SQL commands via the isHttpPort parameter.

CVE-2010-1053
Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to (a) userlogin.php and (b) managerlogin.php. NOTE: some of these details are ob ...

CVE-2010-1071
SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1070
SQL injection vulnerability in index.php in ImagoScripts Deviant Art Clone allows remote attackers to execute arbitrary SQL commands via the seid parameter in a forums viewcat action.

CVE-2010-1078
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.

CVE-2010-1073
SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a summary action to index.php.

CVE-2010-1094
SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus V4rgo allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1092
Multiple SQL injection vulnerabilities in login.php in ScriptsFeed Business Directory Software allow remote attackers to execute arbitrary SQL commands via the (1) us and (2) ps parameters.

CVE-2010-1090
SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.

CVE-2010-1109
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 pa ...

CVE-2010-1134
SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable.

CVE-2010-1133
Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php.

CVE-2010-1269
SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVE-2010-1270
SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVE-2010-1271
SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter.

CVE-2010-1300
SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.

CVE-2010-1301
SQL injection vulnerability in main.php in Centreon 2.1.5 allows remote attackers to execute arbitrary SQL commands via the host_id parameter.

CVE-2010-1327
Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the marca parameter to precios.php3 or (2) the where parameter in a delivery_courier action to control/abm_list.php3.

CVE-2010-1343
SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

CVE-2010-1341
SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter.

CVE-2010-1331
SQL injection vulnerability in Heartlogic HL-SiteManager allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVE-2010-1338
SQL injection vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to execute arbitrary SQL commands via the userid parameter in a modboard action.

CVE-2010-1336
Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third ...

CVE-2010-1344
SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter in a detail action to index.php.

CVE-2010-1346
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-1350
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2010-1426
SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.

CVE-2010-1372
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2010-1363
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.

CVE-2010-1368
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.

CVE-2010-1498
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.

CVE-2010-1496
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.

CVE-2010-1493
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.

CVE-2010-1499
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1529
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.

CVE-2010-1522
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter ...

CVE-2010-1538
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1583
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.

CVE-2010-1588
SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.

CVE-2010-1595
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.

CVE-2010-1599
SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.

CVE-2010-1604
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party informat ...

CVE-2010-1605
Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information ...

CVE-2010-1600
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.

CVE-2010-1656
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.

CVE-2010-1660
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.

CVE-2010-1661
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.

CVE-2010-1669
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-1704
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI ...

CVE-2010-1702
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.

CVE-2010-1706
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party i ...

CVE-2010-1716
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2010-1708
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).

CVE-2010-1713
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.

CVE-2010-1725
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1726
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1721
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.

CVE-2010-1720
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.

CVE-2010-1727
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-1733
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through ...

CVE-2010-1739
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.

CVE-2010-1740
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.

CVE-2010-1743
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1744
SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-1741
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.

CVE-2010-1867
SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.

CVE-2010-1865
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database d ...

CVE-2010-1855
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

CVE-2010-1877
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.

CVE-2010-1876
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

CVE-2010-1873
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1874
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-1923
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.

CVE-2010-1904
SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client 1.5.x allows user-assisted remote attackers to execute arbitrary SQL commands via the metadata section of encrypted key data.

CVE-2010-1931
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.

CVE-2010-1924
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.

CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.

CVE-2010-2016
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.

CVE-2010-2047
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.

CVE-2010-2044
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.

CVE-2010-2133
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.

CVE-2010-2124
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2135
Multiple SQL injection vulnerabilities in login.php in HazelPress Lite 0.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) password fields.

CVE-2010-2134
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

CVE-2010-2142
SQL injection vulnerability in default.asp in Cyberhost allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2141
SQL injection vulnerability in index.php in NITRO Web Gallery allows remote attackers to execute arbitrary SQL commands via the PictureId parameter in an open action.

CVE-2010-2148
SQL injection vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pagina parameter to index.php.

CVE-2010-2339
SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x allows remote attackers to execute arbitrary SQL commands via the categoryids[] parameter in an update_pages action.

CVE-2010-2338
Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-2354
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.

CVE-2010-2359
SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.

CVE-2010-2357
SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-2436
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

CVE-2010-2461
SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.

CVE-2010-2460
SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.

CVE-2010-2438
SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.

CVE-2010-2459
SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.

CVE-2010-2462
SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.

CVE-2010-2609
SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVE-2010-2624
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.

CVE-2010-2623
SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.

CVE-2010-2622
SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2010-2616
SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.

CVE-2010-2611
SQL injection vulnerability in show_search_result.php in i-netsolution Job Search Engine allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVE-2010-2610
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.

CVE-2010-2635
SQL injection vulnerability in IBM WebSphere Commerce 6.0 before 6.0.0.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters to "Commerce Organization Admin Console JavaServer pages."

CVE-2010-2674
SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an articolo action.

CVE-2010-2670
SQL injection vulnerability in recipedetail.php in BrotherScripts Recipe Website allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2696
SQL injection vulnerability in gallery/index.php in Sijio Community Software allows remote attackers to execute arbitrary SQL commands via the parent parameter.

CVE-2010-2691
Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt Design Script allow remote attackers to execute arbitrary SQL commands via the (1) sbid parameter to products_details.php, (2) pid parameter to products/products.php, and (3) designid parameter to designview.php.

CVE-2010-2684
SQL injection vulnerability in index.php in Customer Paradigm PageDirector CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2688
SQL injection vulnerability in detail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-2687
SQL injection vulnerability in printdetail.asp in Site2Nite Boat Classifieds allows remote attackers to execute arbitrary SQL commands via the Id parameter.

CVE-2010-2714
SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.

CVE-2010-2716
Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php.

CVE-2010-2719
SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2721
SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action.

CVE-2010-2720
SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-2847
Multiple SQL injection vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allow remote attackers to execute arbitrary SQL commands via the viewform parameter in a (1) ferforms or (2) tferforms action to index.php, and the (3) id parameter in a vferforms acti ...

CVE-2010-2845
SQL injection vulnerability in the QuickFAQ (com_quickfaq) component 1.0.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a category action to index.php.

CVE-2010-2851
SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVE-2010-2853
SQL injection vulnerability in flashPlayer/playVideo.php in iScripts VisualCaster allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

CVE-2010-2907
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php.

CVE-2010-2906
SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905.

CVE-2010-2905
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2909
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php.

CVE-2010-2908
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php.

CVE-2010-2912
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.

CVE-2010-2911
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.

CVE-2010-2910
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2010-2915
SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2919
SQL injection vulnerability in the StaticXT (com_staticxt) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2010-2916
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2924
SQL injection vulnerability in myLDlinker.php in the myLinksDump Plugin 1.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the url parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-2923
SQL injection vulnerability in the YouTube (com_youtube) component 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_cate parameter to index.php.

CVE-2010-2922
SQL injection vulnerability in default.asp in AKY Blog allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-2921
SQL injection vulnerability in the Golf Course Guide (com_golfcourseguide) component 0.9.6.0 beta and 1 beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a golfcourses action to index.php.

CVE-2010-2926
SQL injection vulnerability in index.php in sNews 1.7 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2010-2933
SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote attackers to execute arbitrary SQL commands via the ava_code cookie to the "main page," related to index.php and the login task.

CVE-2010-2925
SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter.

CVE-2010-3188
SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via a custom field to the search page.

CVE-2010-3207
SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the album_id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-3212
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATH_INFO.

CVE-2010-3211
Multiple SQL injection vulnerabilities in the JE FAQ Pro (com_jefaqpro) component 1.5.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via category categorylist operations with (1) the catid parameter or (2) the catid parameter in a lists action.

CVE-2010-3404
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

CVE-2010-3423
SQL injection vulnerability in the Yr Weatherdata module for Drupal 6.x before 6.x-1.6 allows remote attackers to execute arbitrary SQL commands via the sorting method.

CVE-2010-3461
SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394.

CVE-2010-3458
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

CVE-2010-3467
SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action.

CVE-2010-3481
Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. NOTE: some of these details ar ...

CVE-2010-3479
SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-3924
SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-3929
SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors related to AjaxSearch.

CVE-2010-4006
Multiple SQL injection vulnerabilities in search.php in WSN Links 5.0.x before 5.0.81, 5.1.x before 5.1.51, and 6.0.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) namecondition or (2) namesearch parameter.

CVE-2010-4147
Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to (1) index.php and (2) product-list.php.

CVE-2010-4144
SQL injection vulnerability in radyo.asp in Kisisel Radyo Script allows remote attackers to execute arbitrary SQL commands via the Id parameter.

CVE-2010-4151
SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the xthedateformat parameter in a register action, a different vector than CVE-2005-2989, CVE-2006-2503, and CVE-2009-1033.

CVE-2010-4186
SQL injection vulnerability in process.asp in OnlineTechTools Online Work Order System (OWOS) Professional Edition 2.10 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4273
SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4272
SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2010-4269
SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.

CVE-2010-4268
SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2010-4496
Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4612
Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremai ...

CVE-2010-4619
SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4615
Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp.

CVE-2010-4633
SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1.

CVE-2010-4641
SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4639
SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4636
SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-4635
SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-4702
SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4752
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information i ...

CVE-2010-4751
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the id parameter in an edituser action, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485.

CVE-2010-4776
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.

CVE-2010-4795
SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-4793
SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-4791
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter.

CVE-2010-4797
Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

CVE-2010-4796
Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php.

CVE-2010-4799
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtain ...

CVE-2010-4800
SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVE-2011-0407
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained fr ...

CVE-2011-0434
Multiple SQL injection vulnerabilities in Domain Technologie Control (DTC) before 0.32.9 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) admin/bw_per_month.php or (2) client/bw_per_month.php.

CVE-2011-0443
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2011-0512
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.

CVE-2011-0510
SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action.

CVE-2011-0511
SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2011-0516
SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter.

CVE-2011-0549
SQL injection vulnerability in forget.php in the management GUI in Symantec Web Gateway 4.5.x allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2011-0644
SQL injection vulnerability in include/admin/model_field.class.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the modelid parameter to flash_upload.php.

CVE-2011-0645
SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows remote attackers to execute arbitrary SQL commands via the where_time parameter in a get action.

CVE-2011-0646
SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2011-0960
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.

CVE-2011-1055
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.

CVE-2011-1064
SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 allows remote attackers to execute arbitrary SQL commands via the aidDB[] parameter.

CVE-2011-1061
SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the time parameter.

CVE-2011-1060
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.

CVE-2011-1100
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.

CVE-2011-1328
SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-1343
SQL injection vulnerability in the Web GUI in IBM Tivoli Netcool/OMNIbus before 7.3.0.4 allows remote attackers to execute arbitrary SQL commands via "dynamic SQL parameters."

CVE-2011-1390
SQL injection vulnerability in the Maintenance tool in IBM Rational ClearQuest 7.1.1.x before 7.1.1.9, 7.1.2.x before 7.1.2.6, and 8.x before 8.0.0.2 allows remote attackers to execute arbitrary SQL commands by leveraging an error in the user-database upgrade feature.

CVE-2011-1546
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the ...

CVE-2011-1556
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.

CVE-2011-1562
Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.

CVE-2011-1609
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647 ...

CVE-2011-1610
Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the embedded Apache HTTP Server component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5)su4, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1)su1 allow remote attackers to e ...

CVE-2011-1653
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList ...

CVE-2011-1663
SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-1667
SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action.

CVE-2011-1686
Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data.

CVE-2011-1722
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

CVE-2011-1913
SQL injection vulnerability in the login form in the web interface in Mercator SENTINEL 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2008-7301
SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-4809
SQL injection vulnerability in index.php in DBSite 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2010-4808
SQL injection vulnerability in index.php in Webmatic allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2010-4812
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.

CVE-2010-4814
SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Advance Hotel Booking System 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2010-4824
SQL injection vulnerability in the augmentSQL method in core/model/Translatable.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when the Translatable extension is enabled, allows remote attackers to execute arbitrary SQL commands via the locale parameter.

CVE-2010-4845
Multiple SQL injection vulnerabilities in MH Products Projekt Shop allow remote attackers to execute arbitrary SQL commands via the (1) ts parameter to details.php and possibly the (2) ilceler parameter to index.php.

CVE-2010-4844
SQL injection vulnerability in content.php in MH Products Easy Online Shop allows remote attackers to execute arbitrary SQL commands via the kat parameter.

CVE-2010-4843
SQL injection vulnerability in website-page.php in PHP Web Scripts Ad Manager Pro 3.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

CVE-2010-4853
SQL injection vulnerability in the ccInvoices (com_ccinvoices) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewInv action to index.php.

CVE-2010-4857
SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

CVE-2010-4854
SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action.

CVE-2010-4847
SQL injection vulnerability in view_item.php in MH Products MHP Downloadshop allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

CVE-2010-4846
SQL injection vulnerability in view_item.php in MH Products Pay Pal Shop Digital allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

CVE-2010-4861
SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2010-4860
SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4862
SQL injection vulnerability in the JExtensions JE Directory (com_jedirectory) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.

CVE-2010-4866
SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows remote attackers to execute arbitrary SQL commands via the forumID parameter.

CVE-2010-4865
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.

CVE-2010-4872
SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the specific parameter.

CVE-2010-4870
SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows remote attackers to execute arbitrary SQL commands via the gender parameter.

CVE-2010-4869
SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote attackers to execute arbitrary SQL commands via the editmenu parameter.

CVE-2010-4894
SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4899
SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4908
SQL injection vulnerability in detail.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the prodid parameter.

CVE-2010-4910
SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 allows remote attackers to execute arbitrary SQL commands via the EventID parameter in a ViewEventDetails action.

CVE-2010-4911
SQL injection vulnerability in classi/detail.php in PHP Classifieds Ads allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVE-2010-4917
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.

CVE-2010-4919
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.

CVE-2010-4920
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.

CVE-2010-4921
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.

CVE-2010-4912
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.

CVE-2010-4915
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.

CVE-2010-4916
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

CVE-2010-4925
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4954
SQL injection vulnerability in product_reviews_info.php in xt:Commerce Gambio 2008 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.

CVE-2010-4952
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4942
SQL injection vulnerability in location.php in the eCal module in E-Xoopport Samsara 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter.

CVE-2010-4944
SQL injection vulnerability in the Elite Experts (com_elite_experts) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showExpertProfileDetailed action to index.php.

CVE-2010-4945
SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) component 2.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2010-4940
SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4955
SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078.

CVE-2010-4957
SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4959
SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter.

CVE-2010-4967
SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 allows remote attackers to execute arbitrary SQL commands via the artID parameter.

CVE-2010-4961
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2010-4975
SQL injection vulnerability in the Techjoomla SocialAds For JomSocial (com_socialads) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the ads description field in a showad action to index.php.

CVE-2010-4977
SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.

CVE-2010-4979
SQL injection vulnerability in image/view.php in CANDID allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

CVE-2010-4972
SQL injection vulnerability in index.php in YPNinc JokeScript allows remote attackers to execute arbitrary SQL commands via the ypncat_id parameter.

CVE-2010-4974
SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-4980
SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2010-4981
SQL injection vulnerability in trackads.php in YourFreeWorld Banner Management allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-4982
SQL injection vulnerability in address_book/contacts.php in My Kazaam Address & Contact Organizer allows remote attackers to execute arbitrary SQL commands via the var1 parameter.

CVE-2010-4990
SQL injection vulnerability in the Front-edit Address Book (com_addressbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a contact action to index.php.

CVE-2010-4991
SQL injection vulnerability in the NinjaMonials (com_ninjamonials) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a display action to index.php.

CVE-2010-4992
SQL injection vulnerability in the Payments Plus component 2.1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the type parameter to add.html.

CVE-2010-4993
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2010-4994
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.

CVE-2010-4987
SQL injection vulnerability in default.asp in KMSoft Guestbook (aka GBook) allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2010-4989
SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows remote attackers to execute arbitrary SQL commands via the grp parameter.

CVE-2010-4984
SQL injection vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to execute arbitrary SQL commands via vectors involving the "Enter Reference Number Below" text box.

CVE-2010-5009
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.

CVE-2010-5001
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-5003
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2010-4999
SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.

CVE-2010-4995
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.

CVE-2010-4996
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2010-5011
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.

CVE-2010-5012
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-5013
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.

CVE-2010-5014
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.

CVE-2010-5021
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.

CVE-2010-5023
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.

CVE-2010-5026
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.

CVE-2010-5015
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

CVE-2010-5016
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.

CVE-2010-5017
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.

CVE-2010-5028
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.

CVE-2010-5041
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.

CVE-2010-5032
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.

CVE-2010-5033
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.

CVE-2010-5034
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.

CVE-2010-5036
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVE-2010-5039
SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName field). NOTE: some of these details are obtained from third party information.

CVE-2010-5043
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.

CVE-2010-5044
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these ...

CVE-2010-5047
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-5055
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-5056
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.

CVE-2010-5057
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.

CVE-2010-5058
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2010-5060
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2010-5061
SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter.

CVE-2010-5062
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.

CVE-2010-5083
SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the url parameter in an Add action to modules.php.

CVE-2010-5103
SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2080
Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) a CP_ENLARGESTYLE cookie to the default URI under inventivex/managetraining/ or (2) unspecified input to authenticate_ad_setup_finished.cfm.

CVE-2011-2141
SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture 8.0.1 before FP1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2149
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) S ...

CVE-2011-2467
SQL injection vulnerability in lsassd in Lsass in the Likewise Security Authority in Likewise Open 5.4 through 6.1, and Likewise Enterprise 6.0, allows local users to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2403
SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, 9.0, and 9.10 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-2546
SQL injection vulnerability in the web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtq65669.

CVE-2011-2688
SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

CVE-2011-2703
Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x before 5.6.7, and 6.x before 6.0.1 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) OGC filter encoding or (2) WMS time support.

CVE-2011-3130
wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Taxonomy query hardening," possibly involving SQL injection.

CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a (1) HTML entity or (2) display name. NOTE: some of these details are obtained from third party information.

CVE-2011-3838
Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to fp.php, (2) epage parameter to newpage.php, (3) epost parameter to newpost.php, and (4) username parameter to login.php in admin/; or the (5) username parameter to ...

CVE-2011-3831
SQL injection vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to execute arbitrary SQL commands via an uploaded file with a crafted file name.

CVE-2011-4026
SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-3988
SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE 2.11.0 through 2.11.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-3989
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2011-4066
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

CVE-2011-4113
SQL injection vulnerability in the Views module before 6.x-2.13 for Drupal allows remote attackers to execute arbitrary SQL commands via vectors related to "filters/arguments on certain types of views with specific configurations of arguments."

CVE-2011-4460
SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to execute arbitrary SQL commands by leveraging access to a privileged account.

CVE-2011-4559
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

CVE-2011-4570
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.

CVE-2011-4571
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.

CVE-2011-4569
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.

CVE-2011-4669
SQL injection vulnerability in wp-users.php in WordPress Users plugin 1.3 and possibly earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the uid parameter to index.php.

CVE-2011-4672
Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _partner_list.php, (2) proioncategory_list.php, (3) _rantevou_list.php, (4) syncategory_list.php, (5) synallasomen ...

CVE-2011-4673
SQL injection vulnerability in modules/sharedaddy.php in the Jetpack plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-4674
SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, and possibly other versions before 1.8.9, allows remote attackers to execute arbitrary SQL commands via the only_hostid parameter.

CVE-2011-4725
Multiple SQL injection vulnerabilities in the Server Administration Panel in Parallels Plesk Panel 10.2.0_build1011110331.18 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by login_up.php3 and certain other files.

CVE-2011-4734
Multiple SQL injection vulnerabilities in the Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by file-manager/ and certain other files.

CVE-2011-4753
Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files.

CVE-2011-4763
Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files.

CVE-2011-4816
SQL injection vulnerability in the KPI component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service Desk 6.2; and IBM Tivoli Change and Configuratio ...

CVE-2011-4824
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter.

CVE-2011-4833
Multiple SQL injection vulnerabilities in the Leads module in SugarCRM 6.1 before 6.1.7, 6.2 before 6.2.4, 6.3 before 6.3.0RC3, and 6.4 before 6.4.0beta1 allow remote attackers to execute arbitrary SQL commands via the (1) where and (2) order parameters in a get_full_list action to index.php.

CVE-2011-4847
SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/.

CVE-2011-4921
SQL injection vulnerability in usersettings.php in e107 0.7.26, and possibly other versions before 1.0.0, allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2011-4946
SQL injection vulnerability in e107_admin/users_extended.php in e107 before 0.7.26 allows remote attackers to execute arbitrary SQL commands via the user_field parameter.

CVE-2011-5038
SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2011-5031
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.

CVE-2011-5039
Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to login.php, (3) the filter parameter to widget.dokumenti_lista.php, and (4) the fin_nalog_id parameter to nalozi_naslov.php.

CVE-2011-5050
SQL injection vulnerability in corporate/Controller in Elitecore Technologies Cyberoam UTM before 10.01.2 build 059 allows remote authenticated administrators to execute arbitrary SQL commands via the tableid parameter. NOTE: some of these details are obtained from third party information.

CVE-2011-5091
Multiple SQL injection vulnerabilities in GR Board (aka grboard) 1.8.6.5 Community Edition allow remote attackers to execute arbitrary SQL commands via the (1) tableType or (2) blindTarget parameter to view.php, (3) the delTargets[0] parameter to view_memo.php, or (4) the isReported parameter to wri ...

CVE-2011-5109
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) category_list.php, (2) Copy_of_calendar_list.php, (3) customer_statistics_list.php, (4) customer_list.p ...

CVE-2011-5103
SQL injection vulnerability in Alurian Prismotube PHP Video Script allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2011-5110
Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) _authors_list.php, (2) _blogs_list.php, (3) _category_list.php, (4) _comments_list.php, (5) _policy_list.php, (6) ...

CVE-2011-5099
SQL injection vulnerability in helper/popup.php in the ccNewsletter (mod_ccnewsletter) component 1.0.7 through 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-5111
Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php.

CVE-2011-5137
Multiple SQL injection vulnerabilities in tForum b0.915 allow remote attackers to execute arbitrary SQL commands via the (1) TopicID parameter to viewtopic.php, the (2) BoardID parameter to viewboard.php, or (3) CatID parameter to viewcat.php.

CVE-2011-5139
SQL injection vulnerability in page.php in Pre Studio Business Cards Designer allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2011-5135
Multiple SQL injection vulnerabilities in the save_connection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the (1) coursereportuiconfig[name] or (2) courserep ...

CVE-2011-5145
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) sel_domain_id or (2) action parameter to obm.php; (3) tf_user parameter in a search action to group/group_index.php; ...

CVE-2011-5140
Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) co ...

CVE-2011-5203
SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.

CVE-2011-5200
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.

CVE-2011-5201
Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information.

CVE-2011-5198
SQL injection vulnerability in search.php in Neturf eCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the SearchFor parameter. NOTE: some of these details are obtained from third party information.

CVE-2012-0069
SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter.

CVE-2012-0199
Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue functi ...

CVE-2012-0226
SQL injection vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-0401
Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-0727
SQL injection vulnerability in IBM Maximo Asset Management 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute arbitrary SQ ...

CVE-2012-0728
SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute ...

CVE-2012-0747
SQL injection vulnerability in IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud Control Desk, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB), allows remote authenticated users to execute ...

CVE-2012-0805
Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, as used in Keystone, allow remote attackers to execute arbitrary SQL commands via the (1) limit or (2) offset keyword to the select function, or unspecified vectors to the (3) select.limit or (4) select.offset function.

CVE-2012-0831
PHP before 5.3.10 does not properly perform a temporary change to the magic_quotes_gpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/php_variables.c, sapi/cgi/cgi_main.c, and ...

CVE-2012-0906
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.

CVE-2012-0905
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.

CVE-2012-0913
SQL injection vulnerability in checklogin.aspx in ICloudCenter ICTimeAttendance 1.0 allows remote attackers to execute arbitrary SQL commands via the passw parameter. NOTE: Some of these details are obtained from third party information.

CVE-2012-0935
SQL injection vulnerability in Default.aspx in Aryadad CMS allows remote attackers to execute arbitrary SQL commands via the PageID parameter.

CVE-2012-0982
SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the price_from parameter.

CVE-2012-0980
SQL injection vulnerability in download.php in phux Download Manager allows remote attackers to execute arbitrary SQL commands via the file parameter.

CVE-2012-0983
SQL injection vulnerability in Scriptsez.net Ez Album allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVE-2012-0994
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

CVE-2012-1017
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters.

CVE-2012-1022
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action.

CVE-2012-1026
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

CVE-2012-1029
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.

CVE-2012-1067
SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in an rc-content action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...

CVE-2012-1061
SQL injection vulnerability in GForge Advanced Server 6.0.0 and other versions before 6.0.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1063
Multiple SQL injection vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to execute arbitrary SQL commands via the (1) viewId parameter to fault/AlarmView.do or (2) period parameter to showHistoryData.do.

CVE-2012-1071
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.

CVE-2012-1075
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1072
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1074
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1116
SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1210
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-1218
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.

CVE-2012-1294
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2012-1626
SQL injection vulnerability in the conversion form for Events in the Date module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer Date Tools" privilege to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-1656
SQL injection vulnerability in the Multisite Search module 6.x-2.2 for Drupal allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the Site table prefix field.

CVE-2012-1672
SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 allows remote attackers to execute arbitrary SQL commands via the country parameter.

CVE-2012-1673
SQL injection vulnerability in loginscript.php in e-ticketing allows remote attackers to execute arbitrary SQL commands via the password parameter.

CVE-2012-1777
SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 allows remote attackers to execute arbitrary SQL commands via the state parameter.

CVE-2012-1778
SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-1780
SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2012-1784
SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers to execute arbitrary SQL commands via the eid parameter in a profile action to index.php.

CVE-2012-1911
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.

CVE-2012-1934
SQL injection vulnerability in admin/country/edit.php in Newscoop before 3.5.5 and 4.x before 4 RC4 allows remote attackers to execute arbitrary SQL commands via the f_country_code parameter.

CVE-2012-2105
Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

CVE-2012-2115
SQL injection vulnerability in interface/login/validateUser.php in OpenEMR 4.1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the u parameter.

CVE-2012-2171
SQL injection vulnerability in ModuleServlet.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote authenticated users to execute arbitrary SQL commands via the selectedModuleOnly parameter in a state_viewmodulelog action to ...

CVE-2012-2601
SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch WhatsUp Gold 15.02 allows remote attackers to execute arbitrary SQL commands via the sGroupList parameter.

CVE-2012-2718
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."

CVE-2012-2762
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php.

CVE-2012-2908
Multiple SQL injection vulnerabilities in admin/bbcodes.php in Viscacha 0.8.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) bbcodeexample, (2) buttonimage, or (3) bbcodetag parameter.

CVE-2012-2923
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.

CVE-2012-2925
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.

CVE-2012-2937
Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_ ...

CVE-2012-2952
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.

CVE-2012-2962
SQL injection vulnerability in d4d/statusFilter.php in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.2 allows remote authenticated users to execute arbitrary SQL commands via the q parameter.

CVE-2012-3350
SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

CVE-2012-3435
SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix 1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

CVE-2012-3791
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status pa ...

CVE-2012-3834
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.

CVE-2012-3839
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.

CVE-2012-3953
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.

CVE-2012-4034
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5 ...

CVE-2012-4056
SQL injection vulnerability in index2.php in Uiga Personal Portal allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2012-4055
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2012-4060
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.

CVE-2012-4061
Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to diary_view.asp or (2) view_date parameter to default.asp.

CVE-2012-4178
SQL injection vulnerability in spywall/includes/deptUploads_data.php in Symantec Web Gateway 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via the groupid parameter.

CVE-2012-4260
Multiple SQL injection vulnerabilities in myCare2x allow remote attackers to execute arbitrary SQL commands via the (1) aktion or (2) callurl parameter to modules/patient/mycare2x_pat_info.php; (3) dept_nr or (4) pid parameter to modules/importer/mycare2x_importer.php; (5) myOpsEintrag or (6) keywor ...

CVE-2012-4261
SQL injection vulnerability in modules/patient/mycare2x_pat_info.php in myCare2x allows remote attackers to execute arbitrary SQL commands via the lang parameter.

CVE-2012-4282
SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-4281
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/custom ...

CVE-2012-4743
Multiple SQL injection vulnerabilities in ssearch.php in Siche search module 0.5 for Zeroboard allow remote attackers to execute arbitrary SQL commands via the (1) ss, (2) sm, (3) align, or (4) category parameters.

CVE-2012-4925
Multiple SQL injection vulnerabilities in approve.php in Img Pals Photo Host 1.0 allow remote attackers to execute arbitrary SQL commands via the u parameter in a (1) app0 or (2) app1 action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party infor ...

CVE-2012-4927
SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before 1.91+ Build 120224 and earlier allows remote attackers to execute arbitrary SQL commands via the fieldnames parameter to index.php.

CVE-2012-4994
SQL injection vulnerability in admin/admin.php in LimeSurvey before 1.91+ Build 120224 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a browse action. NOTE: some of these details are obtained from third party information.

CVE-2012-4996
Multiple SQL injection vulnerabilities in RivetTracker 1.03 and earlier allow remote attackers to execute arbitrary SQL commands via the hash parameter to (1) dltorrent.php or (2) torrent_functions.php.

CVE-2012-5000
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

CVE-2012-5098
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.

CVE-2012-5101
SQL injection vulnerability in the JExtensions JE Poll component before 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-5162
Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in OSClass before 2.3.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) edit_category_post or (2) enable_category action to index.php.

CVE-2012-5227
SQL injection vulnerability in administrer/tva.php in Peel SHOPPING 2.8 and 2.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5288
SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5289
Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) index.php or (2) gallery.php.

CVE-2012-5290
Multiple SQL injection vulnerabilities in EasyWebRealEstate allow remote attackers to execute arbitrary SQL commands via the (1) lstid parameter to listings.php or (2) infoid parameter to index.php.

CVE-2012-5291
SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.

CVE-2012-5294
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5292
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.

CVE-2012-5297
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5300
SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5312
SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2012-5310
SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2012-5313
SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows remote attackers to execute arbitrary SQL commands via the TOPIC_ID parameter.

CVE-2012-5327
Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the Mingle Forum plugin 1.0.32.1 and other versions before 1.0.33 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) delete_usrgrp[] parameter in a delete_usergroups action, (2) usergroup par ...

CVE-2012-5334
SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2012-5333
SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-5350
SQL injection vulnerability in the Pay With Tweet plugin before 1.2 for WordPress allows remote authenticated users with certain permissions to execute arbitrary SQL commands via the id parameter in a paywithtweet shortcode.

CVE-2012-5348
SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.

CVE-2012-5342
Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.

CVE-2009-2234
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).

CVE-2009-2235
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-2236
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-2242
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.

CVE-2009-2276
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.

CVE-2009-2309
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.

CVE-2009-2307
SQL injection vulnerability in the CWGuestBook module 2.1 and earlier for MAXdev MDPro (aka MD-Pro) allows remote attackers to execute arbitrary SQL commands via the rid parameter in a viewrecords action to modules.php.

CVE-2009-2311
SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627.

CVE-2009-2310
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

CVE-2009-2326
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) ...

CVE-2009-2337
SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

CVE-2009-2339
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.

CVE-2009-2340
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-2341
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

CVE-2009-2366
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information ...

CVE-2009-2383
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.

CVE-2009-2389
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.

CVE-2009-2385
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obta ...

CVE-2009-2395
SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist action to index.php.

CVE-2009-2392
SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.

CVE-2009-2394
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.

CVE-2009-2390
SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.

CVE-2009-2400
SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2009-2402
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.

CVE-2009-2451
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.

CVE-2009-2553
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.

CVE-2009-2554
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes th ...

CVE-2009-2567
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2009-2573
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.

CVE-2009-2585
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.

CVE-2009-2601
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.

CVE-2009-2598
Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a ...

CVE-2009-2599
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.

CVE-2009-2593
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.

CVE-2009-2591
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.

CVE-2009-2592
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.

CVE-2009-2609
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.

CVE-2009-2605
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.

CVE-2009-2607
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.

CVE-2009-2603
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.

CVE-2009-2604
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.

CVE-2009-2618
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.

CVE-2009-2638
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.

CVE-2009-2639
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.

CVE-2009-2640
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.

CVE-2009-2735
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2009-2777
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.

CVE-2009-2774
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2009-2775
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-2788
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.

CVE-2009-2782
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.

CVE-2009-2881
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.

CVE-2009-2895
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2009-2892
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.

CVE-2009-2924
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.

CVE-2009-2926
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.

CVE-2009-2927
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.

CVE-2009-2921
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

CVE-2009-3042
SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.

CVE-2009-3052
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.

CVE-2009-3054
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.

CVE-2009-3062
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.

CVE-2009-3063
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.

CVE-2009-3116
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.

CVE-2009-3117
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2009-3148
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.

CVE-2009-3154
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.

CVE-2009-3150
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.

CVE-2009-3175
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.

CVE-2009-3185
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.

CVE-2009-3190
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.

CVE-2009-3193
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.

CVE-2009-3215
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.

CVE-2009-3217
SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php.

CVE-2009-3218
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2009-3224
SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter.

CVE-2009-3223
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVE-2009-3246
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.

CVE-2009-3252
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.

CVE-2009-3309
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.

CVE-2009-3308
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

CVE-2009-3316
SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php.

CVE-2009-3313
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment acti ...

CVE-2009-3314
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.

CVE-2009-3310
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.

CVE-2009-3321
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.

CVE-2009-3327
Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.

CVE-2009-3325
SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php.

CVE-2009-3326
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.

CVE-2009-3330
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.

CVE-2009-3334
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.

CVE-2009-3335
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.

CVE-2009-3336
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.

CVE-2009-3349
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component.

CVE-2009-3343
SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter.

CVE-2009-3356
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.

CVE-2009-3357
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) det ...

CVE-2009-3358
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVE-2009-3361
SQL injection vulnerability in index.php in PHP-IPNMonitor allows remote attackers to execute arbitrary SQL commands via the maincat_id parameter.

CVE-2009-3419
SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter.

CVE-2009-3417
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.

CVE-2009-3430
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

CVE-2009-3446
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.

CVE-2009-3514
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admi ...

CVE-2009-3510
SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter.

CVE-2009-3494
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.

CVE-2009-3529
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.

CVE-2009-3528
SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action.

CVE-2009-3531
SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-3595
SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590.

CVE-2009-3590
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.

CVE-2009-3659
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2009-3661
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.

CVE-2009-3669
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.

CVE-2009-3665
Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action.

CVE-2009-3667
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.

CVE-2009-3712
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.

CVE-2009-3713
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.

CVE-2009-3715
Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2009-3750
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.

CVE-2009-3758
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-3752
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.

CVE-2009-3754
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.

CVE-2009-3965
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.

CVE-2009-3967
SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-3968
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem ...

CVE-2009-3964
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.

CVE-2009-3972
SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php.

CVE-2009-3973
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.

CVE-2009-3975
SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.

CVE-2009-3970
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.

CVE-2009-4199
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the ...

CVE-2009-4198
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.

CVE-2009-4200
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.

CVE-2009-4208
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.

CVE-2009-4204
SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4203
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.

CVE-2009-4206
SQL injection vulnerability in admin.link.modify.php in Million Dollar Text Links 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4475
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.

CVE-2009-4474
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

CVE-2009-4477
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2009-4540
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4550
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.

CVE-2009-4551
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.

CVE-2009-4564
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.

CVE-2009-4561
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

CVE-2009-4560
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.

CVE-2009-4619
SQL injection vulnerability in the Lucy Games (com_lucygames) component 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a game action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2009-4618
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.

CVE-2009-4615
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.

CVE-2009-4617
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, ...

CVE-2009-4621
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.

CVE-2009-4620
SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

CVE-2009-4628
SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

CVE-2009-4624
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.

CVE-2009-4669
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the ...

CVE-2009-4667
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.

CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVE-2009-4680
SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.

CVE-2009-4687
SQL injection vulnerability in silentum_guestbook.php in Silentum Guestbook 2.0.2 allows remote attackers to execute arbitrary SQL commands via the messageid parameter.

CVE-2009-4698
Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php.

CVE-2009-4695
SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

CVE-2009-4696
SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action.

CVE-2009-4719
SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows remote attackers to execute arbitrary SQL commands via the more parameter.

CVE-2009-4724
SQL injection vulnerability in shop.htm in PaymentProcessorScript.net PPScript allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2009-4727
SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2009-4721
Multiple SQL injection vulnerabilities in Admin/index.asp in Andrews-Web (A-W) BannerAd 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) User and (2) Password parameters. NOTE: some of these details are obtained from third party information.

CVE-2009-4722
SQL injection vulnerability in the CheckLogin function in includes/functions.php in Limny 1.01, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2009-4728
SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4735
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

CVE-2009-4732
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4734
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

CVE-2009-4733
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

CVE-2009-4730
SQL injection vulnerability in report.php in x10 Adult Media Script 1.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2009-4749
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.

CVE-2009-4798
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.

CVE-2009-4797
SQL injection vulnerability in browse.php in JobHut 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pk parameter.

CVE-2009-4792
SQL injection vulnerability in includes/content/member_content.php in BandSite CMS 1.1.4 allows remote attackers to execute arbitrary SQL commands via the memid parameter to members.php.

CVE-2009-4805
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.

CVE-2009-4807
Multiple SQL injection vulnerabilities in Graugon PHP Article Publisher 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) c parameter to index.php and the (2) id parameter to view.php.

CVE-2009-4855
** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in th ...

CVE-2009-4860
SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter.

CVE-2009-4862
Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php.

CVE-2009-4871
SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

CVE-2009-4870
Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are obtained from third party information.

CVE-2009-4872
Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

CVE-2009-4884
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter ...

CVE-2009-4889
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.

CVE-2009-4925
Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.

CVE-2009-4892
SQL injection vulnerability in Content Management System WEBjump! allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) portfolio_genre.php and (2) news_id.php.

CVE-2009-4891
SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a products.view action.

CVE-2009-4933
Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information.

CVE-2009-4936
Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php) ...

CVE-2009-4935
SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.

CVE-2009-4940
SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

CVE-2009-4958
SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.

CVE-2009-4973
SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows remote attackers to execute arbitrary SQL commands via the selectedCal parameter in a SwitchCal action.

CVE-2009-4982
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.

CVE-2009-5088
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter.

CVE-2009-4985
SQL injection vulnerability in browse.php in Accessories Me PHP Affiliate Script 1.4 allows remote attackers to execute arbitrary SQL commands via the Go parameter.

CVE-2009-4992
SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2009-5090
SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.

CVE-2009-5094
SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate allows remote attackers to execute arbitrary SQL commands via the item parameter.

CVE-2010-4700
The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properl ...

CVE-2009-2230
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.

CVE-2009-2239
SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2009-2254
Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/sqlpatch.php, which allows remote attackers to execute arbitrary SQL commands via the query_string parameter in an execute action, in conjunction with a PATH_INFO of password_forgotten.php, related to a "SQL ...

CVE-2009-2308
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

CVE-2009-2361
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.

CVE-2009-2608
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.

CVE-2009-2781
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.

CVE-2009-2786
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.

CVE-2009-2929
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) ...

CVE-2009-3315
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.

CVE-2009-3332
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.

CVE-2009-3543
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).

CVE-2009-3718
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.

CVE-2009-3971
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.

CVE-2009-4625
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in a ...

CVE-2009-4748
SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php.

CVE-2009-4791
Multiple SQL injection vulnerabilities in Family Connections (aka FCMS) before 1.8.2 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to addressbook.php, (2) id parameter to recipes.php, (3) year parameter to register.php, (4) poll_id parameter to home.php, and ( ...

CVE-2009-4796
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.

CVE-2009-4883
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.

CVE-2009-4938
SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to index.php.

CVE-2009-5091
SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol.

CVE-2007-3563
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.

CVE-2007-3539
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; ( ...

CVE-2007-3687
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action.

CVE-2007-3933
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.

CVE-2007-3937
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676.

CVE-2007-4056
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that w ...

CVE-2007-4258
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2007-4368
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.

CVE-2007-4456
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Ma ...

CVE-2007-4597
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.

CVE-2007-4581
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.

CVE-2007-4604
SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

CVE-2007-4603
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.

CVE-2007-4602
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4714
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2007-4653
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.

CVE-2007-4736
SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVE-2007-4804
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through reque ...

CVE-2007-4808
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter ...

CVE-2007-4846
SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.

CVE-2007-4845
Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter.

CVE-2007-4922
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.

CVE-2007-4920
SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.

CVE-2007-4919
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.

CVE-2007-4918
SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php.

CVE-2007-4956
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php i ...

CVE-2007-4953
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action.

CVE-2007-4952
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.

CVE-2007-4984
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter.

CVE-2007-4979
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.

CVE-2007-5016
SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter.

CVE-2007-5061
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.

CVE-2007-5068
SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter.

CVE-2007-5131
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.

CVE-2007-5122
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-5123
SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter.

CVE-2007-5177
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.

CVE-2007-5222
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.76 allows remote attackers to execute arbitrary SQL commands via a "Firefox ID=" substring in a Referer HTTP header.

CVE-2007-5187
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.

CVE-2007-5233
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.

CVE-2007-5272
SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action.

CVE-2007-5261
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.

CVE-2007-5308
SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

CVE-2007-5316
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2007-5408
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2007-5449
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.

CVE-2007-5458
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

CVE-2007-5452
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.

CVE-2007-5490
SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-5485
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.

CVE-2007-5511
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficien ...

CVE-2007-5630
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.

CVE-2007-5646
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.

CVE-2007-5643
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.

CVE-2007-5679
SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected.

CVE-2007-5719
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.

CVE-2007-5887
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-5912
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.

CVE-2007-5973
SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter.

CVE-2007-5974
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.

CVE-2007-5996
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.

CVE-2007-5997
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.

CVE-2007-5992
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.

CVE-2007-5998
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.

CVE-2007-5999
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6004
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.

CVE-2007-6058
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games modu ...

CVE-2007-6080
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.

CVE-2007-6078
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; o ...

CVE-2007-6106
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.

CVE-2007-6083
SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

CVE-2007-6084
SQL injection vulnerability in software-description.php in HotScripts Clone Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6127
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachab ...

CVE-2007-6128
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.

CVE-2007-6125
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

CVE-2007-6164
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.

CVE-2007-6202
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.

CVE-2007-6223
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.

CVE-2007-6217
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.

CVE-2007-6292
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6311
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.

CVE-2007-6362
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.

CVE-2007-6366
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or ...

CVE-2007-6393
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.

CVE-2007-6394
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.

CVE-2007-6391
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6392
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.

CVE-2007-6458
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.

CVE-2007-6462
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6466
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later repo ...

CVE-2007-6472
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistin ...

CVE-2007-6498
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the G ...

CVE-2007-6544
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylin ...

CVE-2007-6543
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6556
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.

CVE-2007-6551
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6577
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.

CVE-2007-6578
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-6575
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.

CVE-2007-6576
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.

CVE-2007-6566
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.

CVE-2007-6565
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.

CVE-2007-6557
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.

CVE-2007-6580
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.

CVE-2007-6583
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.

CVE-2007-6586
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.

CVE-2007-6579
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist ...

CVE-2007-6602
SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.

CVE-2007-6622
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

CVE-2007-6647
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2007-6639
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.

CVE-2007-6656
SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter.

CVE-2007-6665
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.

CVE-2007-6666
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.

CVE-2007-6667
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.

CVE-2007-6663
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.

CVE-2007-6664
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.

CVE-2007-6658
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.

CVE-2008-0099
Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors.

CVE-2008-0089
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.

CVE-2008-0142
Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors.

CVE-2008-0133
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.

CVE-2008-0138
PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter.

CVE-2008-0137
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.

CVE-2008-0129
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.

CVE-2008-0157
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.

CVE-2008-0154
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.

CVE-2008-0159
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.

CVE-2008-0144
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.

CVE-2008-0147
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.

CVE-2008-0187
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.

CVE-2008-0185
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).

CVE-2008-0219
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.

CVE-2008-0232
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.

CVE-2008-0255
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.

CVE-2008-0253
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.

CVE-2008-0254
SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.

CVE-2008-0280
SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.

CVE-2008-0270
SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.

CVE-2008-0278
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.

CVE-2008-0279
SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected.

CVE-2008-0262
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.

CVE-2008-0256
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

CVE-2008-0291
SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-0290
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in th ...

CVE-2008-0288
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection. ...

CVE-2008-0282
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.

CVE-2008-0327
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0325
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0326
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

CVE-2008-0301
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.

CVE-2008-0328
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0371
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id paramet ...

CVE-2008-0355
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.

CVE-2008-0353
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-0358
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.

CVE-2008-0397
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.

CVE-2008-0388
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.

CVE-2008-0421
SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.

CVE-2008-0424
SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter.

CVE-2008-0422
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0430
SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter.

CVE-2008-0428
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php.

CVE-2008-0429
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.

CVE-2008-0453
SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

CVE-2008-0446
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0447
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.

CVE-2008-0461
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php. NOTE: some of these details are obtained from thir ...

CVE-2008-0468
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0469
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.

CVE-2008-0490
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0498
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.

CVE-2008-0491
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.

CVE-2008-0512
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

CVE-2008-0510
SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

CVE-2008-0511
SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.

CVE-2008-0507
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0538
Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party inform ...

CVE-2008-0520
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.

CVE-2008-0517
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.

CVE-2008-0514
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.

CVE-2008-0515
SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

CVE-2008-0518
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0519
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.

CVE-2008-0546
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.

CVE-2008-0579
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.

CVE-2008-0561
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0562
SQL injection vulnerability in index.php in the Restaurant (com_restaurant) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0565
SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0557
SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0603
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.

CVE-2008-0601
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

CVE-2008-0616
SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.

CVE-2008-0614
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.

CVE-2008-0611
SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0606
SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter.

CVE-2008-0607
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained so ...

CVE-2008-0652
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.

CVE-2008-0653
SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action.

CVE-2008-0649
SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.

CVE-2008-0670
SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.

CVE-2008-0677
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.

CVE-2008-0675
SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter.

CVE-2008-0690
SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action.

CVE-2008-0682
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0683
SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.

CVE-2008-0681
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action.

CVE-2008-0689
SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action.

CVE-2008-0686
SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-0678
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.

CVE-2008-0721
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.

CVE-2008-0714
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.

CVE-2008-0719
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.

CVE-2008-0695
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.

CVE-2008-0692
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

CVE-2008-0737
SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter.

CVE-2008-0734
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.

CVE-2008-0735
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.

CVE-2008-0772
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.

CVE-2008-0770
SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter.

CVE-2008-0761
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.

CVE-2008-0752
SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action.

CVE-2008-0746
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0773
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0776
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

CVE-2008-0795
SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action.

CVE-2008-0796
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.

CVE-2008-0787
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.

CVE-2008-0799
SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

CVE-2008-0811
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.

CVE-2008-0802
SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action.

CVE-2008-0800
SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) 0.9 Final component for Joomla! allows remote attackers to execute arbitrary SQL commands via the tid parameter in a user_tst_shw action.

CVE-2008-0801
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.

CVE-2008-0831
Multiple SQL injection vulnerabilities in the Rapid Recipe (com_rapidrecipe) 1.6.5 and earlier component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) user_id or (2) category_id parameter. NOTE: this might overlap CVE-2008-0754.

CVE-2008-0832
SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action.

CVE-2008-0821
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.

CVE-2008-0829
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.

CVE-2008-0827
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-0857
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.

CVE-2008-0847
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.

CVE-2008-0844
SQL injection vulnerability in index.php in the PccookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVE-2008-0842
SQL injection vulnerability in index.php in the Classifier (com_clasifier) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-0841
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0835
SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter.

CVE-2008-0833
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-0839
SQL injection vulnerability in refer.php in the astatsPRO (com_astatspro) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0880
SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

CVE-2008-0881
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.

CVE-2008-0878
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.

CVE-2008-0873
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.

CVE-2008-0874
SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.

CVE-2008-0921
SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-0922
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.

CVE-2008-0920
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.

CVE-2008-0911
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.

CVE-2008-0907
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-0906
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.

CVE-2008-0934
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.

CVE-2008-0939
Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by th ...

CVE-2008-1039
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.

CVE-2008-1053
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.

CVE-2008-1077
SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action.

CVE-2008-1094
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.

CVE-2008-1122
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.

CVE-2008-1121
SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the session_vars cookie.

CVE-2008-1137
SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2008-1164
SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action.

CVE-2008-1163
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.

CVE-2008-1162
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.

CVE-2008-1177
SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1272
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

CVE-2008-1297
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.

CVE-2008-1295
SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.

CVE-2008-1305
SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1316
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1313
Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.

CVE-2008-1344
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.

CVE-2008-1346
SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action.

CVE-2008-1336
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.

CVE-2008-1351
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.

CVE-2008-1350
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.

CVE-2008-1349
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-1398
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

CVE-2008-1408
SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action.

CVE-2008-1407
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.

CVE-2008-1406
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.

CVE-2008-1404
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.

CVE-2008-1425
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.

CVE-2008-1427
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.

CVE-2008-1426
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter.

CVE-2008-1430
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.

CVE-2008-1465
SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562.

CVE-2008-1462
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.

CVE-2008-1460
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2008-1459
SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2008-1496
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in ...

CVE-2008-1509
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.

CVE-2008-1539
SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module.

CVE-2008-1513
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.

CVE-2008-1554
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.

CVE-2008-1559
SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

CVE-2008-1591
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP H ...

CVE-2008-1613
SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.

CVE-2008-1608
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.

CVE-2008-1623
SQL injection vulnerability in admin_view_image.php in Smoothflash allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-1640
SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action.

CVE-2008-1646
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.

CVE-2008-1639
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.

CVE-2008-1650
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.

CVE-2008-1715
SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.

CVE-2008-1714
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1732
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.

CVE-2008-1726
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

CVE-2008-1750
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.

CVE-2008-1759
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922.

CVE-2008-1758
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php.

CVE-2008-1763
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.

CVE-2008-1789
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

CVE-2008-1774
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1791
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.

CVE-2008-1847
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1838
SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.

CVE-2008-1867
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.

CVE-2008-1864
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.

CVE-2008-1863
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1859
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.

CVE-2008-1858
SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2008-1869
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific.

CVE-2008-1872
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-1871
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.

CVE-2008-1870
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1875
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter.

CVE-2008-1874
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.

CVE-2008-1895
Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit actio ...

CVE-2008-1889
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1911
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.

CVE-2008-1909
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

CVE-2008-1907
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 an ...

CVE-2008-1921
SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter.

CVE-2008-1913
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.

CVE-2008-1919
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.

CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later ...

CVE-2008-1915
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1936
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.

CVE-2008-1935
SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter.

CVE-2008-1934
SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-1939
Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) topic parameters to (a) philboard_reply.asp, and the (3) forumid parameter to (b) philboard_newtopic.asp, different vectors than CVE-2007-2641 and CVE-2007-0 ...

CVE-2008-1957
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.

CVE-2008-1954
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

CVE-2008-1982
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.

CVE-2008-1975
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.

CVE-2008-1961
SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.

CVE-2008-1990
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

CVE-2008-2013
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.

CVE-2008-2012
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.

CVE-2008-2036
SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action.

CVE-2008-2023
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.

CVE-2008-2029
Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php.

CVE-2008-2047
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.

CVE-2008-2063
SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2008-2065
SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter.

CVE-2008-2084
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.

CVE-2008-2083
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

CVE-2008-2088
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.

CVE-2008-2087
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.

CVE-2008-2096
SQL injection vulnerability in BackLinkSpider allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to a site-specific component name such as link.php or backlinkspider.php.

CVE-2008-2095
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

CVE-2008-2093
SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php.

CVE-2008-2114
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2008-2113
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-2125
SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter.

CVE-2008-2124
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.

CVE-2008-2135
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.

CVE-2008-2132
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.

CVE-2008-2129
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2191
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.

CVE-2008-2190
SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

CVE-2008-2183
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.

CVE-2008-2180
Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.ph ...

CVE-2008-2189
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2177
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.

CVE-2008-2175
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2194
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.

CVE-2008-2197
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.

CVE-2008-2225
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.

CVE-2008-2223
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

CVE-2008-2222
SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter.

CVE-2008-2263
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.

CVE-2008-2278
SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action.

CVE-2008-2277
SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.

CVE-2008-2265
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.

CVE-2008-2301
SQL injection vulnerability in Kostenloses Linkmanagementscript allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) top_view.php.

CVE-2008-2340
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.

CVE-2008-2337
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors t ...

CVE-2008-2336
SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2351
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.

CVE-2008-2356
SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 and earlier allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

CVE-2008-2393
SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2395
SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2394
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.

CVE-2008-2384
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQ ...

CVE-2008-2411
SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.

CVE-2008-2416
SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php.

CVE-2008-2444
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.

CVE-2008-2443
SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter.

CVE-2008-2447
SQL injection vulnerability in products.php in the Mytipper ZoGo-shop plugin 1.15.5 and 1.16 Beta 13 for e107 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2446
Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegaller ...

CVE-2008-2417
SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter.

CVE-2008-2461
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.

CVE-2008-2456
SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.

CVE-2008-2455
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter.

CVE-2008-2454
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.

CVE-2008-2453
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.

CVE-2008-2457
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-2448
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp a ...

CVE-2008-2477
SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-2487
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.

CVE-2008-2484
SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter.

CVE-2008-2506
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.

CVE-2008-2504
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.

CVE-2008-2501
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.

CVE-2008-2532
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2530
Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2. ...

CVE-2008-2522
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.

CVE-2008-2521
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.

CVE-2008-2529
SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter.

CVE-2008-2554
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.

CVE-2008-2537
SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2536
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.

CVE-2008-2535
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.

CVE-2008-2565
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.

CVE-2008-2564
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

CVE-2008-2562
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.

CVE-2008-2560
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.

CVE-2008-2555
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.

CVE-2008-2556
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.

CVE-2008-2572
SQL injection vulnerability in php/leer_comentarios.php in FlashBlog allows remote attackers to execute arbitrary SQL commands via the articulo_id parameter.

CVE-2008-2569
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.

CVE-2008-2629
SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

CVE-2008-2628
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

CVE-2008-2627
SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php.

CVE-2008-2626
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.

CVE-2008-2632
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.

CVE-2008-2630
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php.

CVE-2008-2634
SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter.

CVE-2008-2633
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.

CVE-2008-2643
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.

CVE-2008-2652
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.

CVE-2008-2651
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.

CVE-2008-2647
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.

CVE-2008-2676
SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.

CVE-2008-2673
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.

CVE-2008-2671
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2670
Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889.

CVE-2008-2669
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.

CVE-2008-2679
SQL injection vulnerability in the KeyWordsList function in _includes/inc_routines.asp in Realm CMS 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the kwrd parameter in a kwl action to the default URI.

CVE-2008-2678
Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.

CVE-2008-2692
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.

CVE-2008-2691
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.

CVE-2008-2688
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.

CVE-2008-2700
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2701
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.

CVE-2008-2753
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.

CVE-2008-2755
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2754
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.

CVE-2008-2746
SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter.

CVE-2008-2774
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.

CVE-2008-2770
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.

CVE-2008-2793
SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

CVE-2008-2792
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.

CVE-2008-2791
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2790
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2789
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

CVE-2008-2778
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVE-2008-2796
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-2835
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.

CVE-2008-2834
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2823
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.

CVE-2008-2816
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.

CVE-2008-2817
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.

CVE-2008-2837
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter.

CVE-2008-2845
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2844
SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2843
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

CVE-2008-2860
SQL injection vulnerability in category.php in AJSquare AJ Auction Pro web 2.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

CVE-2008-2856
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2853
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

CVE-2008-2847
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.

CVE-2008-2846
SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.

CVE-2008-2870
Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php.

CVE-2008-2862
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

CVE-2008-2869
SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

CVE-2008-2868
SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter.

CVE-2008-2867
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.

CVE-2008-2866
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.

CVE-2008-2865
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.

CVE-2008-2874
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.

CVE-2008-2875
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.

CVE-2008-2893
SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532.

CVE-2008-2892
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.

CVE-2008-2891
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.

CVE-2008-2897
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-2901
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a re ...

CVE-2008-2900
SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2904
SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-2903
SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.

CVE-2008-2902
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.

CVE-2008-2907
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.

CVE-2008-2906
SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.

CVE-2008-2915
Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter.

CVE-2008-2914
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-2919
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.

CVE-2008-2918
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.

CVE-2008-2917
SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVE-2008-2916
Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php.

CVE-2008-2921
SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-2964
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2963
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.

CVE-2008-2971
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2983
SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-2996
Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action.

CVE-2008-2989
SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter.

CVE-2008-3026
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3025
SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.

CVE-2008-3030
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.

CVE-2008-3035
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.

CVE-2008-3027
SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php.

CVE-2008-3083
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-3089
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.

CVE-2008-3118
SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter.

CVE-2008-3124
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.

CVE-2008-3123
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.

CVE-2008-3129
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value paramter in the news page and (2) webpage parameter in the webpage_multi_edit form.

CVE-2008-3119
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-3132
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

CVE-2008-3131
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.

CVE-2008-3136
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-3133
SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.

CVE-2008-3152
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.

CVE-2008-3154
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-3153
SQL injection vulnerability in Triton CMS Pro allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

CVE-2008-3193
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.

CVE-2008-3191
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action.

CVE-2008-3185
SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.

CVE-2008-3204
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.

CVE-2008-3200
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.

CVE-2008-3240
SQL injection vulnerability in index.php in AlstraSoft Affiliate Network Pro allows remote attackers to execute arbitrary SQL commands via the pgm parameter in a directory action.

CVE-2008-3241
SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3238
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.

CVE-2008-3213
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.

CVE-2008-3245
SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.

CVE-2008-3267
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.

CVE-2008-3266
SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel Reservation System (HRS) Multi allows remote attackers to execute arbitrary SQL commands via the key parameter.

CVE-2008-3265
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.

CVE-2008-3251
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.

CVE-2008-3250
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter.

CVE-2008-3256
SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3254
SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.

CVE-2008-3291
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3302
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.

CVE-2008-3310
SQL injection vulnerability in default.asp in Pre Survey Poll allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-3309
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.

CVE-2008-3307
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.

CVE-2008-3346
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2008-3355
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

CVE-2008-3352
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.

CVE-2008-3351
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.

CVE-2008-3369
SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVE-2008-3366
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.

CVE-2008-3374
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.

CVE-2008-3377
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.

CVE-2008-3378
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

CVE-2008-3372
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.

CVE-2008-3386
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.

CVE-2008-3387
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.

CVE-2008-3382
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.

CVE-2008-3383
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.

CVE-2008-3403
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-3406
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-3420
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.

CVE-2008-3412
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.

CVE-2008-3413
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

CVE-2008-3414
SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter.

CVE-2008-3416
SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php.

CVE-2008-3417
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.

CVE-2008-3418
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3419
SQL injection vulnerability in ugroups.php in Youtuber Clone allows remote attackers to execute arbitrary SQL commands via the UID parameter.

CVE-2008-3445
SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter.

CVE-2008-3452
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.

CVE-2008-3484
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.

CVE-2008-3487
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3489
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.

CVE-2008-3497
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2008-3498
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2008-3490
SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action.

CVE-2008-3491
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

CVE-2008-3506
SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI.

CVE-2008-3507
SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

CVE-2008-3563
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators ...

CVE-2008-3554
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.

CVE-2008-3580
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.

CVE-2008-3594
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVE-2008-3591
SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.

CVE-2008-3585
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.

CVE-2008-3586
SQL injection vulnerability in the EZ Store (com_ezstore) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.

CVE-2008-3588
Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to comments.php, (2) cid parameter to index.php, and the (3) urltitle parameter to entries.php.

CVE-2008-3598
Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the Cid parameter to categories.php or (2) the Username parameter to login.php.

CVE-2008-3599
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3601
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.

CVE-2008-3603
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.

CVE-2008-3604
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVE-2008-3649
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.

CVE-2008-3670
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.

CVE-2008-3673
SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672.

CVE-2008-3674
SQL injection vulnerability in ugroups.php in PozScripts TubeGuru Video Sharing Script allows remote attackers to execute arbitrary SQL commands via the UID parameter.

CVE-2008-3669
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

CVE-2008-3711
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.

CVE-2008-3713
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.

CVE-2008-3718
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.

CVE-2008-3706
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVE-2008-3720
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.

CVE-2008-3725
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3719
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.

CVE-2008-3748
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3762
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

CVE-2008-3750
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3751
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3755
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVE-2008-3756
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3757
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3749
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3780
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.

CVE-2008-3772
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-3765
SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3767
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVE-2008-3768
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vecto ...

CVE-2008-3783
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.

CVE-2008-3784
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.

CVE-2008-3785
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.

CVE-2008-3787
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

CVE-2008-3788
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php.

CVE-2008-3845
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

CVE-2008-3848
SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-3861
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.

CVE-2008-3951
SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter.

CVE-2008-3952
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.

CVE-2008-3953
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.

CVE-2008-3955
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.

CVE-2008-3943
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter.

CVE-2008-3944
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.

CVE-2008-3945
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.

CVE-2008-4039
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.

CVE-2008-4054
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4044
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.

CVE-2008-4043
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.

CVE-2008-4072
Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588.

CVE-2008-4073
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

CVE-2008-4074
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.

CVE-2008-4088
SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVE-2008-4082
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.

CVE-2008-4084
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.

CVE-2008-4086
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.

CVE-2008-4092
SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter.

CVE-2008-4093
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter.

CVE-2008-4090
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.

CVE-2008-4154
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.

CVE-2008-4150
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.

CVE-2008-4144
SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action.

CVE-2008-4145
SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVE-2008-4142
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.

CVE-2008-4161
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.

CVE-2008-4156
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4157
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.

CVE-2008-4159
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.

CVE-2008-4176
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.

CVE-2008-4177
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.

CVE-2008-4178
SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-4173
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.

CVE-2008-4175
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.

CVE-2008-4169
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.

CVE-2008-4185
SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.

CVE-2008-4202
SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.

CVE-2008-4203
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.

CVE-2008-4204
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.

CVE-2008-4205
SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.

CVE-2008-4241
SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.

CVE-2008-4332
SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.

CVE-2008-4335
SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter.

CVE-2008-4352
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.

CVE-2008-4353
SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: although one component of Linkarity is distributable PHP code, this issue might be site-specific. If so, it should not be included in CVE.

CVE-2008-4354
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.

CVE-2008-4350
SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.

CVE-2008-4345
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.

CVE-2008-4347
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

CVE-2008-4364
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.

CVE-2008-4369
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.

CVE-2008-4355
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4356
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid paramete ...

CVE-2008-4357
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4374
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.

CVE-2008-4375
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2008-4376
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.

CVE-2008-4377
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.

CVE-2008-4378
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4371
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.

CVE-2008-4373
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.

CVE-2008-4379
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVE-2008-4423
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.

CVE-2008-4457
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.

CVE-2008-4436
SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter.

CVE-2008-4460
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.

CVE-2008-4462
SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

CVE-2008-4463
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.

CVE-2008-4464
SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-4465
SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-4466
SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVE-2008-4467
SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4468
SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4469
SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter.

CVE-2008-4461
SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter.

CVE-2008-4492
SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie.

CVE-2008-4494
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4495
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

CVE-2008-4496
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.

CVE-2008-4497
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.

CVE-2008-4498
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-4521
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.

CVE-2008-4523
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

CVE-2008-4524
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

CVE-2008-4516
SQL injection vulnerability in galerie.php in Galerie 3.2 allows remote attackers to execute arbitrary SQL commands via the pic parameter.

CVE-2008-4517
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4518
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.

CVE-2008-4527
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.

CVE-2008-4573
SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal W3 allows remote attackers to execute arbitrary SQL commands via the kat parameter.

CVE-2008-4570
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVE-2008-4569
SQL injection vulnerability in xlacomments.asp in XIGLA Software Absolute Poll Manager XE 4.1 allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2008-4574
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

CVE-2008-4599
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.

CVE-2008-4590
Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php.

CVE-2008-4603
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.

CVE-2008-4604
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

CVE-2008-4613
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

CVE-2008-4605
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.

CVE-2008-4606
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-65 ...

CVE-2008-4620
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

CVE-2008-4621
SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVE-2008-4623
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.

CVE-2008-4625
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.

CVE-2008-4617
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4650
SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter.

CVE-2008-4642
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

CVE-2008-4643
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

CVE-2008-4627
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.

CVE-2008-4628
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.

CVE-2008-4653
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-4665
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.

CVE-2008-4666
SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter.

CVE-2008-4674
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.

CVE-2008-4675
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.

CVE-2008-4700
SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.

CVE-2008-4703
SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter.

CVE-2008-4711
SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.

CVE-2008-4713
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.

CVE-2008-4709
SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4705
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4706
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.

CVE-2008-4715
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.

CVE-2008-4716
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

CVE-2008-4717
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.

CVE-2008-4732
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVE-2008-4736
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.

CVE-2008-4738
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4753
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter.

CVE-2008-4754
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.

CVE-2008-4755
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4760
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4765
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

CVE-2008-4757
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.

CVE-2008-4772
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.

CVE-2008-4778
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

CVE-2008-4782
SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

CVE-2008-4785
SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4786
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

CVE-2008-4880
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.

CVE-2008-4877
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-4879
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.

CVE-2008-4881
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4882
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4883
SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4884
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4885
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4886
SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.

CVE-2008-4887
SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information.

CVE-2008-4895
SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4897
SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.

CVE-2008-4890
SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4889
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

CVE-2008-4912
SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

CVE-2008-4900
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-4906
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.

CVE-2008-5003
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2008-5000
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.

CVE-2008-5004
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.

CVE-2008-5051
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php.

CVE-2008-5046
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.

CVE-2008-5047
SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter.

CVE-2008-5070
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.

CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.

CVE-2008-5075
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the ...

CVE-2008-5097
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-5088
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.

CVE-2008-5131
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).

CVE-2008-5132
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.

CVE-2008-5123
SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter.

CVE-2008-5170
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.

CVE-2008-5174
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.

CVE-2008-5166
SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter.

CVE-2008-5168
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.

CVE-2008-5169
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.

CVE-2008-5190
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.

CVE-2008-5191
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL comm