CWE-89

SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.

SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.

SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter.

SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.

SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 allows remote attackers to execute arbitrary SQL commands via the kid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.