103 matches found
SQL injection
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action...
CVE-2009-1810
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2)...
CVE-2009-1736
The CVE-2009-1736 issue affects Joomla! GridSupport (GS) Ticket System (com_gsticketsystem). The underlying vulnerability is an SQL injection in the viewCategory action, where the catid parameter to index.php can be manipulated to execute arbitrary SQL commands. The documents confirm remote‑level...
CVE-2009-1245
Multiple SQL injection vulnerabilities in the inserttopastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to...
CVE-2008-6314
CVE-2008-6314 describes a SQL injection in the Tag Board module for phpBB (version 4.0 and earlier), in the file tag_board.php. The vulnerability is exploitable via the id parameter in a delete action, enabling remote attackers to execute arbitrary SQL commands. The provided documents confirm the...
SQL injection
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php...
CVE-2008-5958
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp...
CVE-2008-5574
SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter...
SQL injection
SQL injection vulnerability in featuredarticle.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action...
CVE-2008-4613
SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter...
CVE-2008-4173
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI...
SQL injection
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php...
CVE-2008-1639
Vulnerability (CVE-2008-1639) in Neat weblog 0.2: an SQL injection flaw in index.php allows remote attackers to modify or retrieve data via the articleId parameter in the show action, likely linked to the showArticle function in lib/lib_article.include.php. The NVD entry records a CVSS v2 base sc...
CVE-2008-0326
The CVE-2008-0326 entry describes an SQL injection in FaScript FaPersianHack 1.0, specifically in class/show.php where the id parameter is the attack surface. Multiple sources (NVD and CVE records) confirm the vulnerability, with a CVSSv2 base score of 7.5 (HIGH) and impact on confidentiality, in...
SQL injection
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI...
CVE-2007-6342
SQL injection vulnerability in the David Castro AuthCAS module AuthCAS.pm 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSIONCOOKIENAME session ID in a cookie...
CVE-2007-4084
Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to execute arbitrary SQL commands via (1) the pgmid parameter in an uploadProducts action to merchants/index.php and possibly (2) the rowid parameter to merchants/temp.php...
SQL injection
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862...
SQL injection
SQL injection vulnerability in inc/classusers.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebbuser cookie...
CVE-2007-2599
TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier contains multiple SQL injection vulnerabilities. The affected components include (1) catFile parameter for browseCat.php and browseSubCat.php, (2) id parameter for openTutorial.php, topFrame.php, and admin/editListing.php, and (3) the search ...