Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-10-30 | CVE-2007-4863 | SQL Injection vulnerability in Quirm Saxon 5.4 | SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. | 6.8 |
2007-10-29 | CVE-2007-5704 | SQL Injection vulnerability in Codewidgets Online Event Registration Template | Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp. | 7.5 |
2007-10-29 | CVE-2007-5688 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters. | 7.5 |
2007-10-25 | CVE-2007-5679 | SQL Injection vulnerability in Deeemm Dmcms 0.7.0/0.7.4 | SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). | 7.5 |
2007-10-24 | CVE-2007-5678 | SQL Injection vulnerability in PHPbasic | SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. | 7.5 |
2007-10-23 | CVE-2007-5646 | SQL Injection vulnerability in Simple Machines Simple Machines Forum 1.0.11/1.1.3 | SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php. | 6.8 |
2007-10-23 | CVE-2007-5643 | SQL Injection vulnerability in Lussumo Vanilla | Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php. | 7.5 |
2007-10-23 | CVE-2007-5630 | SQL Injection vulnerability in Bbsprocess Bbportals | SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action. | 7.5 |
2007-10-17 | CVE-2007-5511 | SQL Injection vulnerability in Oracle Database Server | SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. | 6.5 |
2007-10-17 | CVE-2007-5508 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 | Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. | 6.5 |