

NOTE: the cat vector is already covered by CVE-2006-2853.

** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php.

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.

An SQL injection vulnerability exists in TotalComfortSolutions Company due to improper sanitization of user-supplied data via the 'id' parameter in the 'aboutus.php' and 'resources.php' scripts.

TotalComfortSolutions Company SQL Injection Vulnerability.

An SQL injection vulnerability exists in Helpdezk due to improper sanitization of user-supplied data over different GET and POST requests.

An SQL injection vulnerability exists in AtelyeDigital Web Design due to improper sanitization of user-supplied data via the 'id' parameter in the 'news.asp' script and the 'kno' parameter in the 'default.asp' script.

An SQL injection vulnerability exists in Simple E-Document due to improper sanitization of user-supplied data via the 'username' parameter in the 'login.php' script.

AtelyeDigital Web Design SQL Injection Vulnerability.

Simple E-Document SQL Injection Vulnerability.

SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.

NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949.

SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: a later disclosure reported the affected version as 1.0.

SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters.

** DISPUTED ** Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp.

Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5).
