Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
CWE-89
CVE-2008-6802
Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6803
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6805
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
CVE-2008-6808
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
CVE-2008-6809
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.