Vulnerabilities > 2Daybiz > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-28 | CVE-2010-2510 | SQL Injection vulnerability in 2Daybiz web Template Software SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. | 7.5 |
| 2010-06-28 | CVE-2010-2508 | SQL Injection vulnerability in 2Daybiz Video Community Portal Script 1.0 SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 7.5 |
| 2010-06-25 | CVE-2010-2459 | SQL Injection vulnerability in 2Daybiz Video Community Portal Script 1.0 SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. | 7.5 |
| 2010-05-04 | CVE-2010-1706 | SQL Injection vulnerability in 2Daybiz Auction Script Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. | 7.5 |
| 2010-05-04 | CVE-2010-1704 | SQL Injection vulnerability in 2Daybiz Polls Script Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. | 7.5 |
| 2009-05-29 | CVE-2009-1819 | SQL Injection vulnerability in 2Daybiz Custom T-Shirt Design Script SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2009-05-16 | CVE-2009-1652 | Permissions, Privileges, and Access Controls vulnerability in 2Daybiz Business Community Script admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. | 7.5 |
| 2009-05-16 | CVE-2009-1651 | SQL Injection vulnerability in 2Daybiz Business Community Script SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | 7.5 |