CWE-89

Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors.

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.

SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg’s Place) phpMyNewsletter 0.8 beta 5 and earlier allows remote attackers to execute arbitrary SQL commands via the msg_id parameter.