CWE-89

CVE-2008-2897

February 26, 2023 by

SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.

CVE-2008-2900

February 26, 2023 by

SQL injection vulnerability in item.php in PHPAuction 3.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.

CVE-2008-2902

February 26, 2023 by

SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.

CVE-2008-2903

February 26, 2023 by

SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.

CVE-2008-2904

February 26, 2023 by

SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter.