InjEctOr5

73 exploits Active since May 2008
CVE-2008-2113 EXPLOITDB text WORKING POC
PHPEasyData 1.5.4 - SQL Injection via annuaire.php cat_id Parameter
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-2177 EXPLOITDB text WORKING POC
phpDirectorySource 1.1.06 - SQL Injection via lid or login Parameter
Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.
EIP-2026-111027 EXPLOITDB text WRITEUP
phpDatingClub - 'conf.inc' File Disclosure
EIP-2026-110915 EXPLOITDB text WRITEUP
phpAdBoard - 'conf.inc' Remote Configuration File Disclosure
CVE-2008-7080 EXPLOITDB text WRITEUP
PHP Classifieds Script - Unauthenticated Sensitive Information Exposure via Direct Request
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
CVE-2008-4716 EXPLOITDB text WORKING POC
PHP-Lance 1.52 - SQL Injection via show.php catid Parameter
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-2457 EXPLOITDB text WORKING POC
bitmixsoft php-jokesite 2.0 - SQL Injection via cat_id Parameter
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2008-2453 EXPLOITDB text WORKING POC
PHP Classifieds Script - SQL Injection via fatherID Parameter
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
CVE-2008-6656 EXPLOITDB text WORKING POC
Open Auto Classifieds 1.4.3b - SQL Injection via Listings ID Parameter or Login Username Field
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
CVE-2008-5046 EXPLOITDB text WORKING POC
Mole Group Pizza Script - SQL Injection via manufacturers_id Parameter
SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter.
CVE-2008-6225 EXPLOITDB text WORKING POC
Mole Group Airline Ticket Sale Script - SQL Injection via info.php flight parameter
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
CVE-2008-6484 EXPLOITDB text WRITEUP
Mole Group Taxi Calc Dist Script - SQL Injection via login.php User Field
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
CVE-2008-2461 EXPLOITDB text WORKING POC
Netious CMS 0.4 - SQL Injection via Pageid Parameter
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047.
CVE-2008-4376 EXPLOITDB text WORKING POC
Live TV Script - SQL Injection via mid Parameter
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2008-6050 EXPLOITDB text WORKING POC
Joomla! com_tech_article 1.0 - SQL Injection
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
CVE-2009-0329 EXPLOITDB perl WORKING POC
PcCookBook - Joomla! - SQL Injection
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
CVE-2009-0379 EXPLOITDB php WORKING POC
Joomla! com_pcchess - SQL Injection
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
CVE-2009-1736 EXPLOITDB php WORKING POC
Joomla com_gsticketsystem - SQL Injection via catid Parameter
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
CVE-2009-0421 EXPLOITDB php WORKING POC
Joomla com_eventing 1.6.x - SQL Injection via catid Parameter
SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
CVE-2009-2567 EXPLOITDB text WORKING POC
Joomla! com_aclassf <5.6.2 - SQL Injection
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 5.6.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
EIP-2026-108328 EXPLOITDB php WORKING POC
Joomla! Component com_digistore - 'pid' Blind SQL Injection
CVE-2009-0333 EXPLOITDB php WORKING POC
Joomla com_waticketsystem - SQL Injection via catid Parameter
SQL injection vulnerability in the WebAmoeba (WA) Ticket System (com_waticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
EIP-2026-108107 EXPLOITDB text WORKING POC
Job2C - 'conf.inc' Configuration File Disclosure
EIP-2026-108109 EXPLOITDB text SUSPICIOUS
Job2C 4.2 - 'profile' Arbitrary File Upload
EIP-2026-107711 EXPLOITDB text WRITEUP
iBoutique.MALL 1.2 - 'cat' Blind SQL Injection