Mr.SQL

78 exploits. Active since May 2008.
CVE-2008-6422 EXPLOITDB text WRITEUP
Psychostats - SQL Injection
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php.
CVE-2008-3254 EXPLOITDB text WORKING POC
preCMS - SQL Injection
SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
CVE-2008-6663 EXPLOITDB text WORKING POC
Phpauctions - SQL Injection
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
CVE-2008-3245 EXPLOITDB text WORKING POC
phpHoo3 <5.2.6 - SQL Injection
SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter.
CVE-2008-3387 EXPLOITDB text WORKING POC
PHPFootball 1.6 - SQL Injection
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
EIP-2026-110923 EXPLOITDB text WORKING POC
phpAuction - 'profile.php' SQL Injection (2)
CVE-2008-5815 EXPLOITDB text WORKING POC
phpAlumni - SQL Injection
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-4495 EXPLOITDB text WORKING POC
Select Development Solutions Php Auto Dealer - SQL Injection
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
CVE-2008-2865 EXPLOITDB text WORKING POC
Kalptaru Infotech Php Site Lock - SQL Injection
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.
CVE-2008-4496 EXPLOITDB text WORKING POC
Select Development Solutions Php Realtor - SQL Injection
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
CVE-2009-2926 EXPLOITDB text WORKING POC
Phpcompet.free Php Competition System - SQL Injection
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
CVE-2008-4498 EXPLOITDB text WORKING POC
Phpautos - SQL Injection
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2008-3772 EXPLOITDB perl WORKING POC
Pars4u Videosharing - SQL Injection
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
CVE-2009-3191 EXPLOITDB text WORKING POC
Pad-site-scripts Pad Site Scripts - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.
CVE-2009-4616 EXPLOITDB text WORKING POC
MYRE Holiday Rental Manager - XSS
Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday Rental Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
CVE-2008-2817 EXPLOITDB text WORKING POC
Nitropowered Nitro Web Gallery < 1.4.3 - SQL Injection
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action.
CVE-2008-2504 EXPLOITDB text WORKING POC
Simpel Side Netbutik - SQL Injection
Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php.
EIP-2026-109521 EXPLOITDB text WORKING POC
Moa Gallery 1.2.0 - 'index.php?action' SQL Injection
CVE-2008-6649 EXPLOITDB text WORKING POC
Ktools Photostore - SQL Injection
SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2009-4624 EXPLOITDB text WORKING POC
Nicecoder iDesk - SQL Injection
SQL injection vulnerability in download.php in Nicecoder iDesk allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2005-3843.
CVE-2009-3968 EXPLOITDB perl WORKING POC
ITechBids 8.0 - SQL Injection
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
CVE-2008-7085 EXPLOITDB text WORKING POC
Thehockeystop Hockeystats Online - SQL Injection
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
CVE-2008-2796 EXPLOITDB text WORKING POC
Freecms - SQL Injection
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2009-4958 EXPLOITDB text WORKING POC
Emophp Emo Breeder Manager - SQL Injection
SQL injection vulnerability in video.php in EMO Breeder Manager (aka EMO Breader Manager) allows remote attackers to execute arbitrary SQL commands via the idd parameter.
CVE-2008-3378 EXPLOITDB text WORKING POC
Fizzmedia 1.51.2 - SQL Injection
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.