701 matches found
AFFCommerce Shopping Cart 1.1.4 - 'subcategory.php?cl' SQL Injection
source: https://www.securityfocus.com/bid/15545/info AFFCommerce Shopping Cart is prone to multiple SQL injection vulnerabilities. These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. AFFCommerc...
Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)
The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the 'id' parameter of the resource module before using it in database queries. An unauthenticated attacker can...
phpWebThings Multiple Scripts SQL Injection
The remote host is running the phpWebThings application framework. The version of phpWebThings installed on the remote host does not properly sanitize user input in the 'forum' and 'msg' parameters of 'forum.php' script before using it in database queries. An attacker can exploit this vulnerabili...
IPBProArcade 2.5.2 - 'GameID' SQL Injection
source: https://www.securityfocus.com/bid/15205/info A remote SQL injection vulnerability reportedly affects ipbProArcade. The problem affects the 'gameid' parameter. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may...
IPBProArcade 2.5.2 - GameID SQL Injection
source: https://www.securityfocus.com/bid/15205/info A remote SQL injection vulnerability reportedly affects ipbProArcade. The problem affects the 'gameid' parameter. An attacker may leverage this issue to manipulate SQL query strings and potentially carr...
MyBulletinBoard (MyBB) 1.0 - usercp.php SQL Injection
source: https://www.securityfocus.com/bid/15204/info MyBulletinBoard is prone to an SQL injection vulnerability. This vulnerability could permit remote attackers to pass malicious input to database queries, resulting in modification of query log...
Nuked-klaN 1.7 Sections Module - 'artid' SQL Injection
source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These vulnerabilities could permit remote attackers to...
Nuked-klaN 1.7 Download Module - 'dl_id' SQL Injection
source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These vulnerabilities could permit remote attackers to...
Nuked-klaN 1.7 Links Module - 'link_id' SQL Injection
source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These vulnerabilities could permit remote attackers to...
Nuked-klaN 1.7 Download Module - dl_id SQL Injection
source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. The...
Nuked-klaN 1.7 Sections Module - artid SQL Injection
source: https://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries...
Land Down Under HTTP Referer Header SQL Injection
The installed version of Land Down Under fails to sanitize input passed through the HTTP Referer header before using it in database queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an attacker can exploit this issue to manipulate database queries, possibly revealing sensitive...
DeluxeBB Multiple Scripts SQL Injection
The remote host is using DeluxeBB, a web application forum written in PHP. The installed version of this software fails to sanitize input to several parameters and scripts before using it to generate SQL queries. Provided PHP's 'magic_quotes_gpc' setting is disabled, an attacker may be able to...
PHPMyFAQ 1.5.1 - 'Password.php' SQL Injection
source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could permit remote attackers to pass malicious inp...
PHPMyFAQ 1.5.1 - Password.php SQL Injection
source: https://www.securityfocus.com/bid/14927/info phpMyFAQ is affected by an SQL injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input before using it in a SQL query. This vulnerability could...
PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities: - SQL Injection Vulnerability: The application fails to sanitize user-supplied input to the 'msgview' parameter of the 'messages.php' script before using it in database queries...
PHP-Fusion < 6.00.107 Multiple Vulnerabilities
PHPNews 1.2.x - 'auth.php' SQL Injection
source: https://www.securityfocus.com/bid/14333/info PHPNews is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. This vulnerability could permit remote attackers to pass malicious...
DUamazon Pro Multiple Scripts SQL Injection
The remote host is running DUamazon Pro, an ASP-based storefront from DUware for Amazon affiliates. The installed version of DUamazon Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an attacker can affect database...
DUportal Pro Multiple Scripts SQL Injection (2)
The remote host is running DUportal Pro, an ASP-based product suite from DUware for building web portals / online communities. The installed version of DUportal Pro fails to properly sanitize user-supplied input in several instances before using it in SQL queries. By exploiting these flaws, an...