Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.

SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.

SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.

SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php.

SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp.

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.

SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was later reported that 1.2 is also affected.

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.

SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783.

SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.