Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-07-18 | CVE-2007-3884 | SQL Injection vulnerability in Aspindir Husrevforum 1.0.1/2.0.1 | SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | 7.5 |
2007-07-11 | CVE-2007-3705 | SQL Injection vulnerability in Fusetalk 2.0 | SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | 7.5 |
2007-07-11 | CVE-2007-3687 | SQL Injection vulnerability in Infernotechnologies RPG Inferno | SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. | 6.5 |
2007-07-11 | CVE-2007-3677 | SQL Injection vulnerability in Maxsi Evisit Analyst | Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. | 7.5 |
2007-07-10 | CVE-2007-3637 | SQL Injection vulnerability in Mkportal 1.1.1 | SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. | 7.5 |
2007-07-04 | CVE-2007-3563 | SQL Injection vulnerability in Avscripts AV Arcade 2.1B | SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. | 7.5 |
2007-07-03 | CVE-2007-3539 | SQL Injection vulnerability in Qt-Cute Quicktalk Forum and Quickticket | Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. | 7.5 |
2007-06-27 | CVE-2007-3447 | SQL Injection vulnerability in Bugmall Shopping Cart 2.5 | SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. | 6.8 |
2007-06-26 | CVE-2007-3399 | SQL Injection vulnerability in PHPee Power Phlogger 2.2.2/2.2.3/2.2.4 | SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. | 7.5 |
2007-06-20 | CVE-2007-3301 | SQL Injection vulnerability in Fusetalk 2.0 | SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. | 7.5 |