Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-17 | CVE-2005-4315 | SQL Injection vulnerability in Nicplex Plexcart X3 SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl. | 7.5 |
| 2005-12-15 | CVE-2005-4263 | SQL Injection vulnerability in Envolution SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4246 | SQL Injection vulnerability in Plogger SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | 7.5 |
| 2005-12-14 | CVE-2005-4244 | SQL Injection vulnerability in Snipegallery Snipe Gallery SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 |
| 2005-12-14 | CVE-2005-4228 | SQL Injection vulnerability in PHPwebgallery Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. | 7.5 |
| 2005-12-13 | CVE-2005-4199 | SQL Injection vulnerability in Mybb 1.0 Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | 7.5 |
| 2005-12-13 | CVE-2005-4198 | SQL Injection vulnerability in Netref 3.0 SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
| 2005-12-13 | CVE-2005-4195 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. | 7.5 |
| 2005-12-08 | CVE-2005-4073 | SQL Injection vulnerability in Cfmagic Magic List PRO SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | 7.5 |
| 2005-12-08 | CVE-2005-4071 | SQL Injection vulnerability in Cfmagic Magic Forum Personal Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | 7.5 |