Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-08 | CVE-2005-4071 | SQL Injection vulnerability in Cfmagic Magic Forum Personal | Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | 7.5 |
2005-12-07 | CVE-2005-4058 | SQL Injection vulnerability in Saralblog 1/1Beta | SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. | 7.5 |
2005-12-06 | CVE-2005-4040 | SQL Injection vulnerability in Tawbaware Filelister | SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | 7.5 |
2005-12-05 | CVE-2005-4027 | SQL Injection vulnerability in Simplemedia Simplebbs 1.1 | SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | 7.5 |
2005-12-05 | CVE-2005-4011 | SQL Injection vulnerability in Codewalkers Ltwcalendar | SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart | SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 |
2005-12-04 | CVE-2005-3984 | SQL Injection vulnerability in Webcalendar 1.0.1 | SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. | 7.5 |
2005-12-01 | CVE-2005-3952 | SQL Injection vulnerability in PHP Labs TOP Auction 1.0 | SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. | 7.5 |
2005-11-29 | CVE-2005-3881 | SQL Injection vulnerability in Altantisfaq Altantis Knowledge Base Software | SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 |
2005-11-29 | CVE-2005-3877 | SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5/1.1.6 | Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | 7.5 |