Database is hacked over and over again; already cleaned the site for SQL injection

The attacker most likely doesn't need to know the password to execute the change - here's how I would address it:

Locate the query function wrapper for your CMS and update it to log to a file and/or send an e-mail whenever a regexp on the query string matches your spam string - include any and all relevant server and CMS variables which may help identify the source of the issue.

Note that you can call debug_backtrace() on PHP 4.3+ to isolate include files if this could be the work of a malicious plug-in.
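A sketch of the logging wrapper this answer describes, added here as an example and not part of the original answer or of any particular CMS. The names `audited_query`, `build_audit_record`, `SPAM_PATTERN` and `AUDIT_LOG` are hypothetical, PDO is assumed as the database layer, and the pattern, request values and trace frame are constructed samples.

```php
<?php
// Added illustration. audited_query(), build_audit_record(), SPAM_PATTERN and
// AUDIT_LOG are hypothetical names; PDO stands in for the CMS's own DB layer.
// Constructed pattern: replace with the string that keeps reappearing in the database.
const SPAM_PATTERN = '/example-spam\.test|<script\b/i';
// Demo location only; in production use a path outside the web root with tight permissions.
define('AUDIT_LOG', sys_get_temp_dir() . '/query-audit.log');

// Returns a log record when the query text matches the pattern, otherwise null.
// The file:line of every caller shows which include or plug-in issued the query.
function build_audit_record(string $sql, array $server, array $trace): ?array
{
    if (preg_match(SPAM_PATTERN, $sql) !== 1) {
        return null;
    }
    $frames = [];
    foreach ($trace as $f) {
        $frames[] = ($f['file'] ?? '?') . ':' . ($f['line'] ?? 0) . ' ' . ($f['function'] ?? '');
    }
    return [
        'time'       => gmdate('c'),
        'remote'     => $server['REMOTE_ADDR'] ?? null,
        'method'     => $server['REQUEST_METHOD'] ?? null,
        'uri'        => $server['REQUEST_URI'] ?? null,
        'referer'    => $server['HTTP_REFERER'] ?? null,
        'user_agent' => $server['HTTP_USER_AGENT'] ?? null,
        'script'     => $server['SCRIPT_FILENAME'] ?? null,
        'sql'        => $sql,
        'trace'      => $frames,
    ];
}

// Drop-in replacement for the point where the CMS hands SQL to the database.
function audited_query(PDO $db, string $sql)
{
    $record = build_audit_record($sql, $_SERVER, debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS));
    if ($record !== null) {
        // JSON encoding escapes newlines, so request values cannot forge extra log lines
        error_log(json_encode($record) . PHP_EOL, 3, AUDIT_LOG);
    }
    return $db->query($sql);
}

// Constructed request, query and trace frame, so the record can be inspected without a database.
$sample = build_audit_record(
    "UPDATE pages SET body = '<a href=\"http://example-spam.test\">x</a>' WHERE id = 1",
    ['REMOTE_ADDR' => '203.0.113.7', 'REQUEST_METHOD' => 'POST', 'REQUEST_URI' => '/index.php?page=1'],
    [['file' => '/var/www/plugins/example/hook.php', 'line' => 42, 'function' => 'save_page']]
);
echo json_encode($sample, JSON_PRETTY_PRINT), PHP_EOL;
```

The logged SQL can contain user data, so the audit file needs the same protection as the database itself.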


Probably a leftover injection attack - can you set up a DB trigger to let you know when the record changes again? Then correlate that with your webserver logs - should lead to the culprit immediately.

Also ensure you are logging as much as you can get away with (referrers, etc.).