Security Vulnerabilities, CVEs, Published In 2005 (Sql injection)

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.

SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.

Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.

SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.

SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.

Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.

SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.

SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter.

Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.

SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters.

SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.

Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.

SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter.

SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.

Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.

Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.

SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.

SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.

Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.