Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.

SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.

SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.

SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.

SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.

SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.

SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.

SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.

SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.

SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter.

SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.