A SQL injection vulnerability exists in the Joomla Component com_radio. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the 'exibi_descricao' task of the 'com_radio' component. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
A SQL injection vulnerability exists in the Joomla Component com_business. An attacker can send a specially crafted HTTP request to the vulnerable application to execute arbitrary SQL commands in the back-end database.
The vulnerability exists due to insufficient sanitization of user-supplied input in the 'id' parameter of the 'com_departments' component. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary SQL commands in the application's database. This can be exploited to disclose sensitive information, modify data, compromise the application, access or delete data, or exploit latent vulnerabilities in the underlying database.
An attacker can exploit a SQL injection vulnerability in 68kb v1.0.0rc2 to gain access to the database. The attacker can use the search feature to inject malicious SQL code. The attacker can use the code '%')/**/UNION/**/ALL/**/SELECT/**/1,2,user(),4,5,6,7,8,9,10,11,12,13,14,15#' to gain access to the database. The attacker can also use the code '%')/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15/**/from/**/kb_users#' to gain access to usernames and passwords if the default prefix of kb_ is used during the installation.
A SQL injection vulnerability exists in the Joomla Component com_units. An attacker can send a specially crafted HTTP request containing malicious SQL statements to the vulnerable application in order to gain access to unauthorized information or to manipulate data. The vulnerable parameter is the 'id' parameter which is not properly sanitized before being used in a SQL query.
TSOKA:CMS versions 1.1, 1.9 and 2.0 are vulnerable to SQL Injection and XSS attacks. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to execute arbitrary SQL commands on the underlying database and inject malicious JavaScript code into the application.
Devana is an open source browser game in which the player can choose between one of three factions and build an empire. Without being logged in, you can view the profiles of other players (file: profile_view.php). Sadly, Devana doesn't check the input, so SQL injection is possible. There are currently seven other browser games listed on sourceforge.net which are based on Devana. It is possible that they suffer from the same vulnerability.
An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the URL. For example, http://127.0.0.1/index.php?option=com_personal&pid=56&id=-1 UNION SELECT 1,2,3,4
An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'id' of the 'com_topmenu' component. This can allow the attacker to gain access to the underlying database and potentially execute arbitrary code.
A SQL injection vulnerability exists in the Joomla Component com_science. An attacker can send a malicious SQL query to the vulnerable parameter 'id' in the URL to execute arbitrary SQL commands on the underlying database.