103 matches found
CVE-2006-3963
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) sitename parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php...
CVE-2006-3884
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) linkid parameter in a deadlink action. NOTE: this issue can also be used...
CVE-2006-3884
CVE-2006-3884 affects Gonafish LinksCaffe 3.0, specifically the PHP file links.php. The vulnerability arises from SQL injection via four parameters: (1) offset, (2) limit, (3) newdays in the new action, and (4) link_id in the deadlink action. Exploitation could allow remote attackers to modify th...
CVE-2006-2862
SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter...
CVE-2006-2565
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the authorid parameter in profile.php and (2) the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
CVE-2006-1763
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allow remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) greply or (2) gpermaPost action to the blog shard engine/shards/blog.php, or a (3) gviewContent action to the content shard...
CVE-2006-1641
CVE-2006-1641 affects CzarNews 1.14. The vulnerability stems from improper sanitization of inputs in SQL queries, enabling multiple SQL injections through: (1) usern or (2) passw to cn_auth.php, (3) s to news.php, and (4) a parameter to dpost.php. Impact, as stated in connected sources, includes ...
CVE-2006-1217
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php...
SQL injection
SQL injection vulnerability in memberlogin.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter...
CVE-2005-4431
CVE-2005-4431 describes an SQL injection in WowBB 1.65 where remote attackers can execute arbitrary SQL via the q parameter to search.php. The core issue is a vulnerable input handling path in the search functionality of WowBB’s PHP code, enabling database query manipulation. The CVE entry notes ...
CVE-2005-4243
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via various parameters (popupid in popups.edit.php; so, sb, nr in customer.tickets.view.php; subrackingid in subscribers.tracking.edit.php; delete in design.php; trackingid in tracki...
CVE-2005-3952
CVE-2005-3952 describes an SQL injection in PHP Labs Top Auction. The vulnerability affects the viewcat.php script and could allow remote attackers to modify or retrieve data via the (1) category, (2) type parameters, or (3) certain search parameters. The root cause is unsafely handled user input...
CVE-2005-3844
CVE-2005-3844 concerns a SQL injection vulnerability in the phpWordPress PHP News and Article Manager 3.0. The issue allows remote attackers to execute arbitrary SQL commands via parameters: (1) poll and (2) category in index.php, and (3) ctg in an archive action. Affected software is the PHP...
CVE-2004-2350
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the searchresults parameter...
CVE-2005-1639
The connected PT-Security entry confirms a SQL injection in Sigma ISP Manager 6.6 via Sigmaweb.DLL, exploitable by remote attackers through the username, password, or domain fields; impact is arbitrary SQL execution. Remediation guidance: restrict access to the vulnerable fields and avoid using t...
CVE-2004-1843
CVE-2004-1843 describes an SQL injection vulnerability in Member Management System 2.1. The flaw allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. The provided documents do not specify affected versions beyond 2.1, nor any patch or remed...
CVE-2005-0642
SQL injection vulnerability in the Query Designer for Computer Associates CA Unicenter Asset Management UAM 4.0 allows remote attackers to execute arbitrary SQL via an imported file...
CVE-2004-1383
Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) projectid, (3) promain, or (4) hoursid parameters to index.php or (5) ticketid to viewticketdetails.php...
CVE-2004-0348
SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter...