Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-09-17 | CVE-2007-4919 | SQL Injection vulnerability in Jblog 1.0 | Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php. | 7.5 |
2007-09-17 | CVE-2007-4918 | SQL Injection vulnerability in Gelatocms 0.90/0.95/Nil | SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | 7.5 |
2007-09-14 | CVE-2007-4894 | SQL Injection vulnerability in Wordpress | Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters." | 7.5 |
2007-09-14 | CVE-2007-4892 | SQL Injection vulnerability in Swsoft Plesk | Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3. | 7.5 |
2007-09-14 | CVE-2007-4881 | SQL Injection vulnerability in Psi-Labs Social Networking Script Psisns 1.0 | SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter. | 7.5 |
2007-09-12 | CVE-2007-4846 | SQL Injection vulnerability in Webace Webace-Linkscript 1.3 | SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action. | 7.5 |
2007-09-12 | CVE-2007-4845 | SQL Injection vulnerability in Rwscripts.Com RW Download Lite 2.0.3 | Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter. | 7.5 |
2007-09-12 | CVE-2007-4837 | SQL Injection vulnerability in Proxy Anket Proxy Anket 3.0.1 | SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-09-12 | CVE-2007-4835 | SQL Injection vulnerability in PHPmyquote 0.20 | SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | 7.5 |
2007-09-11 | CVE-2007-4810 | SQL Injection vulnerability in Netjuke 1.0Rc2 | Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php. | 7.5 |