InjEctOr5

73 exploits Active since May 2008
CVE-2008-2225 EXPLOITDB text WORKING POC
gameCMS Lite 1.0 - SQL Injection via systemId Parameter
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.
CVE-2008-6155 EXPLOITDB text WORKING POC
Hispah Text Links Ads 1.1 - SQL Injection via idtl Parameter
SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-2537 EXPLOITDB text WORKING POC
HispaH Model Search - SQL Injection via cat Parameter
SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.
EIP-2026-107513 EXPLOITDB text WORKING POC
GS Real Estate Portal - Multiple SQL Injections
CVE-2008-5174 EXPLOITDB text WORKING POC
Jokes Complete Website 2.1.3 - SQL Injection
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
CVE-2008-6608 EXPLOITDB text WORKING POC
DevelopItEasy Events Calendar 1.2 - SQL Injection via User Name, User Pass, or ID Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information.
CVE-2009-1665 EXPLOITDB text WORKING POC
Easy Scripts Answer and Question Script - Unauthenticated Arbitrary User Account Deletion via myaccount.php
myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.
CVE-2008-5169 EXPLOITDB text WORKING POC
Drinks Complete Website 2.1.0 - SQL Injection
SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter.
CVE-2008-6348 EXPLOITDB text WRITEUP
DevelopItEasy Photo Gallery 1.2 - SQL Injection via cat_id, photo_id, user_name, or user_pass Parameter
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-5131 EXPLOITDB text WORKING POC
Develop It Easy News And Article System 1.4 - SQL Injection via aid Parameter and Admin Panel Credentials
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
CVE-2008-5054 EXPLOITDB text WORKING POC
Develop It Easy Membership System 1.3 - SQL Injection via Email or Password Parameter
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-2181 EXPLOITDB text WORKING POC
cpLinks 1.03 - Cross-Site Scripting via search_text and search_category Parameters
Multiple cross-site scripting (XSS) vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the (1) search_text and (2) search_category parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtained from third party information.
CVE-2008-5170 EXPLOITDB text WORKING POC
Cheats Complete Website 1.1.1 - SQL Injection
SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
CVE-2008-4083 EXPLOITDB text WORKING POC
Brim 2.0 - Authenticated Cross-Site Scripting via Bookmarks Plugin Name Parameter
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-4044 EXPLOITDB text WORKING POC
AJ Square aj-hyip - SQL Injection via artid Parameter
SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter.
CVE-2008-7021 EXPLOITDB text WRITEUP
AvailScript Jobs Portal Script - Authenticated Arbitrary File Upload via editlogo.php
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
CVE-2008-4373 EXPLOITDB text WORKING POC
AvailScript Job Portal Script - SQL Injection via jid Parameter
SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter.
EIP-2026-105330 EXPLOITDB text WORKING POC
AvailScript Job Portal Script - 'applynow.php' SQL Injection
CVE-2008-2532 EXPLOITDB text WORKING POC
AJ Square aj-hyip - SQL Injection via forum/topic_detail.php id Parameter
SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-6004 EXPLOITDB text WORKING POC
AJ Auction Pro Platinum 2 - Cross-Site Scripting via search.php product parameter
Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.
CVE-2008-2132 EXPLOITDB text WRITEUP
Systementor PostcardMentor - SQL Injection via cat_fldAuto Parameter
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
EIP-2026-100290 EXPLOITDB text WRITEUP
E-ShopSystem - Authentication Bypass / SQL Injection
CVE-2008-2124 EXPLOITDB text WRITEUP
fipsASP fipsCMS - SQL Injection via lg Parameter
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.