Mr.SQL

78 exploits. Active since May 2008.
CVE-2008-3484 EXPLOITDB text WORKING POC
eStoreAff 0.1 - SQL Injection
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
CVE-2008-2792 EXPLOITDB text WORKING POC
Erocms < 1.4 - SQL Injection
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
CVE-2008-2393 EXPLOITDB text WORKING POC
Entertainmentscript - SQL Injection
SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2754 EXPLOITDB text WRITEUP
Efiction - SQL Injection
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVE-2008-3594 EXPLOITDB text WORKING POC
MagicScripts E-Store Kit - SQL Injection
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2008-2853 EXPLOITDB text WORKING POC
Easy Webstore - SQL Injection
SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
EIP-2026-106474 EXPLOITDB perl WORKING POC
DIY - 'did' Blind SQL Injection
CVE-2008-2791 EXPLOITDB perl WORKING POC
Kalptaru Infotech Comparison Engine Power Script - SQL Injection
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-2971 EXPLOITDB text WORKING POC
Cistyle Ciblog - SQL Injection
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-105498 EXPLOITDB text WORKING POC
Bizon-CMS 2.0 - 'Id' SQL Injection
CVE-2009-4618 EXPLOITDB text WORKING POC
Tourism Script Bus Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Bus Script allow remote attackers to execute arbitrary SQL commands via the sitetext_id parameter to (1) aboutus.php and (2) faq.php.
CVE-2008-2789 EXPLOITDB text WORKING POC
Basic-cms - SQL Injection
SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
EIP-2026-105225 EXPLOITDB perl WORKING POC
Arcadem Pro 2.8 - 'article' Blind SQL Injection
CVE-2008-3351 EXPLOITDB text WORKING POC
Atom PhotoBlog <1.1.5b1 - SQL Injection
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
CVE-2008-3670 EXPLOITDB text WORKING POC
Article Friendly Pro - SQL Injection
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
CVE-2008-3291 EXPLOITDB text WORKING POC
AproxEngine 5.1.0.4 - SQL Injection
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
EIP-2026-104871 EXPLOITDB text WORKING POC
@CMS 2.1.1 - SQL Injection
CVE-2008-2903 EXPLOITDB text WRITEUP
Awbs Advanced Webhost Billing System - SQL Injection
SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.
CVE-2009-3358 EXPLOITDB text WORKING POC
Tourismscripts Adult Portal Escort Listing - SQL Injection
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVE-2009-4617 EXPLOITDB text WORKING POC
Tourismscripts Tourism Script Accommodation Hotel Booking Portal Script - SQL Injection
Multiple SQL injection vulnerabilities in Tourism Script Accommodation Hotel Booking Portal Script allow remote attackers to execute arbitrary SQL commands via the hotel_id parameter to (1) hotel.php, (2) details.php, (3) roomtypes.php, (4) photos.php, (5) map.php, (6) weather.php, (7) reviews.php, and (8) book.php.
CVE-2008-3780 EXPLOITDB text WORKING POC
Five Star Review Script - SQL Injection
SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
CVE-2008-3382 EXPLOITDB perl WORKING POC
MojoClassifieds 2.0 - SQL Injection
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
CVE-2008-3403 EXPLOITDB perl WORKING POC
MojoPersonals - SQL Injection
SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2008-3267 EXPLOITDB perl WORKING POC
MojoJobs - SQL Injection
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.