CWE-89

CVE-2008-7145

February 26, 2023 by

Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

CVE-2008-7169

February 26, 2023 by

SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.

CVE-2008-7114

February 26, 2023 by

SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.

CVE-2008-7116

February 26, 2023 by

SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.

CVE-2008-7119

February 26, 2023 by

SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.