678 matches found
CVE-2008-6810
CVE-2008-6810 affects Venalsur Booking Centre Booking System for Hotels Group 2.01. The vulnerability is multiple SQL injection in admin/checklogin.php, exploitable via the myusername (username) and password parameters, enabling remote SQL command execution as reported. The issue is documented wi...
CVE-2008-3669
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter...
CVE-2007-3652
SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328...
CVE-2007-6467
CVE-2007-6467 describes an SQL injection in MKPortal 1.1 RC1, specifically in index.php during the gallery foto_show action, exploitable via the ida parameter. The underlying issue is injectable SQL passed from user-controlled input, enabling remote attackers to execute arbitrary SQL commands. Th...
CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sortby parameters in (a) searchresults.php; (3) browse parameter in (b) featuredphotos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) newsdesc.php...
CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action...
CVE-2006-3275
CVE-2006-3275 affects YaBB SE 1.5.5 and earlier, with a SQL injection in profile.php via a double-encoded user parameter in the viewprofile action. The underlying issue is a lack of proper input handling that allows remote attackers to execute SQL commands. Documented impact includes potential da...
CVE-2006-2827
SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vend...
CVE-2005-4349
SQL injection vulnerability in serverprivileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to...
CVE-2005-4207
SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute SQL commands via the (1) Username and (2) Password fields...
CVE-2005-4035
CVE-2005-4035 concerns SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier. The flaws allow remote attackers to execute arbitrary SQL commands via the (1) prod and (2) brid parameters to view.php; the (3) bid parameter to viewbrands.php; and the (4) grp and (5...
CVE-2005-3980
SQL injection vulnerability in the ticket query module in Edgewall Trac 0.9 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the group parameter...
SMB Registry : SQL7 Patches
The remote SQL server seems to be vulnerable to the SQL abuse vulnerability described in TechNet article Q256052. This problem allows an attacker who has the ability to execute SQL queries on this host to gain elevated privileges. OpenVAS Vulnerability Test $Id: smbmssql7.nasl 6056 2017-05-02...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2004-1806
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) categoryid, (2) productid, or (3) featureid parameters...
CVE-2005-0475
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) searchitem parameter to search.php, (7) catid, (8) cid, or (9) i...
CVE-2005-0615
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter...
CVE-2005-0537
Multiple SQL injection vulnerabilities in page.php for iGeneric iG Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) lprice, or (3) uprice parameters...
CVE-2004-1629
Multiple SQL injection vulnerabilities in Dwcarticles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements...
CVE-2004-1622
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter...