Articles for tag "SQL Injection": 15
2017 Feb 20
phplist is a newsletter management application written in PHP. In version 3.2.6, it is vulnerable to SQL injection. The application contains two SQL injections, one of which is in the administration area and one of which requires no credentials. Additionally, at least one query is not properly protected against injections. Furthermore, a query in the administration area discloses some information on the password hashes of users.
2016 Nov 10
Lepton is a content management system written in PHP. In version 2.2.2, it is vulnerable to multiple SQL injections. The injections require a user account with elevated privileges.
2016 Sep 15
MyBB is forum software written in PHP. In version 1.8.6, it is vulnerable to a second order SQL injection by an authenticated admin user, allowing the extraction of data from the database.
2016 Jan 28
There is an SQL injection in Bigace. A user account with the lowest privilege level is required.
2016 Jan 28
There is a Blind SQL Injection vulnerability in Xoops 2.5.7.1. An admin account is required to exploit this issue.
2015 Dec 21
There are two SQL Injections in Arastta 1.1.5, which both require a user with special privileges to trigger.
2015 Dec 02
There is an SQL Injection vulnerability in the admin area of 4images 1.7.11.
2015 Nov 13
There is an SQL Injection vulnerability in the admin area of AlegroCart 1.2.8.
2015 Nov 13
There are multiple SQL Injection vulnerabilities in ClipperCMS 1.3.0.
2015 Oct 07
There are multiple SQL Injection vulnerabilities in the admin area of TheHostingTool 1.2.6.
2015 Oct 07
There is a Code Execution vulnerability in the admin area of Pligg CMS 2.0.2. It can be exploited via CSRF. This issue has not been fixed.
2015 Sep 14
There are multiple SQL Injection vulnerabilities in ZeusCart 4.0. This issue has not been fixed.
2015 Sep 01
There is a Blind SQL Injection vulnerability in the admin area of Serendipity 2.0.1.
2015 Aug 07
There are two SQL injection vulnerabilities in CodoForum, one of which does not require the attacker to be authenticated.
2015 Aug 07
There are multiple SQL injection vulnerabilities in the admin area of version 4.2.3 of the BigTree CMS.