CWE-89

SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.

SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425.

Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.

SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.