SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273.
CWE-89
CVE-2007-3119
SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2007-3063
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
CVE-2007-2997
** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating “We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.”
CVE-2007-2898
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
CVE-2007-2803
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.