An attack vector is the bauth cookie to cgi-bin/MANGA/
One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
An attacker could exploit this vulnerability by sending crafted URLs that include SQL statements.
An exploit could allow the attacker to modify or delete entries in some database tables, affecting the integrity of the data.
A vulnerability in the web-based management interface of the Cisco Smart Net Total Care (SNTC) Software Collector Appliance 3.11 could allow an authenticated, remote attacker to perform a read-only, blind SQL injection attack, which could allow the attacker to compromise the confidentiality of the system through SQL timing attacks.
SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_or widget_Theme_functions.php, related to front_end/frontend_
SQL injection vulnerability in the getUserUddiElements method in the ES UDDI component in SAP NetWeaver AS Java 7.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2356504.
This affects ./inc/subscriber_with the POST Parameter: list_id.
This affects ./inc/campaign/with the GET Parameter: id.
** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated users to conduct SQL injection attacks via a crafted tables object in an uploaded package.
More Information: CSCvc23892 CSCvc35270 CSCvc35626 CSCvc35630 CSCvc49568.
Vulnerabilities in the web-based GUI of Cisco Unified Communications Domain Manager (CUCDM) could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries, aka SQL Injection.
This affects ./inc/subscriber_with the POST Parameter: subscriber_email.
A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress.
A vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5), 11.0(1.10000.10), and 11.5(1.10000.6) could allow an authenticated, remote attacker to conduct a blind SQL injection attack.
The vulnerability is due to a failure to validate user-supplied input used in SQL queries that bypass protection filters.