Mr.SQL

78 exploits, active since May 2008
CVE-2009-3081 EXPLOITDB WORKING POC
Uiga Church Portal - SQL Injection
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the month parameter in a calendar action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3082 EXPLOITDB WORKING POC
Snowhall Silurus System - SQL Injection
SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6648 EXPLOITDB WORKING POC
Ktools Photostore - SQL Injection
SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647.
CVE-2009-0445 EXPLOITDB text WORKING POC
Dreampics Gallery Builder - SQL Injection
SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action.
CVE-2009-4615 EXPLOITDB text WORKING POC
MYRE Holiday Rental Manager - SQL Injection
SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.
CVE-2009-3190 EXPLOITDB text WORKING POC
Pad-site-scripts Pad Site Scripts - SQL Injection
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
CVE-2008-6647 EXPLOITDB text WORKING POC
Ktools Photostore - SQL Injection
SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
CVE-2008-3649 EXPLOITDB text WORKING POC
Article Friendly Standard - SQL Injection
SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
CVE-2008-3779 EXPLOITDB text WORKING POC
Five Star Review Script - XSS
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
CVE-2008-3771 EXPLOITDB perl WORKING POC
Pars4u Videosharing - XSS
Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.
CVE-2008-2505 EXPLOITDB text WORKING POC
Simpel Side Weblosninger - XSS
Cross-site scripting (XSS) vulnerability in result.php in Simpel Side Weblosning 1 through 4 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2008-3669 EXPLOITDB text WORKING POC
ZeeReviews - SQL Injection
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
CVE-2008-6111 EXPLOITDB text WORKING POC
NetArt Media Vlog System 1.1 - SQL Injection
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
CVE-2009-2924 EXPLOITDB text WORKING POC
Videosbroadcastyourself Videos Broadcast Yourself - SQL Injection
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
CVE-2008-2506 EXPLOITDB text WORKING POC
Simpel Side Weblosning - SQL Injection
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
CVE-2008-3213 EXPLOITDB text WORKING POC
WebCMS Portal Edition - SQL Injection
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
CVE-2008-3251 EXPLOITDB text WORKING POC
tplSoccerSite 1.0 - SQL Injection
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.
CVE-2009-3116 EXPLOITDB text WORKING POC
Uiga Church Portal - SQL Injection
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
EIP-2026-112761 EXPLOITDB text WORKING POC
tourismscripts HotelBook - 'hotel_id' Multiple SQL Injections
EIP-2026-111696 EXPLOITDB text WORKING POC
Re-Script 0.99 Beta - 'listings.php?op' SQL Injection
CVE-2009-3117 EXPLOITDB text WORKING POC
Snowhall Silurus System - SQL Injection
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2008-3491 EXPLOITDB text WORKING POC
Scripts24 iPost <1.0.1, iTGP <1.0.4 - SQL Injection
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
EIP-2026-111699 EXPLOITDB text WORKING POC
Ready2Edit - 'menuid' SQL Injection
CVE-2008-3491 EXPLOITDB text WORKING POC
Scripts24 iPost <1.0.1, iTGP <1.0.4 - SQL Injection
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
CVE-2008-5191 EXPLOITDB text WORKING POC
SePortal 2.4 - SQL Injection
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.