CWE-89

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters.

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.

SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].

SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields.

SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter.

SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter.

SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php,…

SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246.

Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid…

Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.

SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2)…

SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.

SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.

Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.