CWE-89

SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.

SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.

SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.