CWE-89

Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.

SQL injection vulnerability in show_search_result.php in 2daybiz Job Search Engine Script allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

SQL injection vulnerability in the JE Ajax Event Calendar (com_jeajaxeventcalendar) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.

SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter.

SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter.

SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter.

SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action.

SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter.

SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter.

SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter.

SQL injection vulnerability in G.CMS generator allows remote attackers to execute arbitrary SQL commands via the lang parameter to the default URI, probably index.php.

SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com eWebquiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizType parameter, a different vector than CVE-2007-1706.

SQL injection vulnerability in index.php in Eicra Realestate Script 1.0 and 1.6.0 allows remote attackers to execute arbitrary SQL commands via the p_id parameter. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.

SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady Online Notebook Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.

Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor Analyst allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.