621 matches found
CVE-2006-3275
CVE-2006-3275 affects YaBB SE 1.5.5 and earlier, with a SQL injection in profile.php via a double-encoded user parameter in the viewprofile action. The underlying issue is a lack of proper input handling that allows remote attackers to execute SQL commands. Documented impact includes potential da...
CVE-2006-2827
SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vend...
CVE-2005-4349
SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...
CVE-2005-4207
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields...
CVE-2005-4035
CVE-2005-4035 concerns SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier. The flaws allow remote attackers to execute arbitrary SQL commands via the (1) prod and (2) brid parameters to view.php; the (3) bid parameter to viewbrands.php; and the (4) grp and (5...
CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2004-1806
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) categoryid, (2) productid, or (3) featureid parameters...
CVE-2004-1531
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter...
CVE-2005-0414
SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter...
CVE-2005-0217
SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter...
CVE-2004-1225
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality...
CVE-2004-2668
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2004-1402
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page...
CVE-2004-1519
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bugid parameter in a viewvotes operation or (2) the project parameter in an add operation...
CVE-2004-2186
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance...
CVE-2004-1113
SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses...
CVE-2004-1654
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via caltemplate...
CVE-2003-1530
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark parameter...
CVE-2003-1504
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadminlogin or (2) vadminpass cookie in a request to goldlink.php...