Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2007-04-12 | CVE-2007-2000 | SQL Injection vulnerability in Raphael Limbach Crea-Book | Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. | network, low complexity, raphael-limbach, CWE-89 | 7.5 |
| 2007-04-11 | CVE-2007-1962 | SQL Injection vulnerability in Xoops Wf-Snippets | SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | network, low complexity, xoops, CWE-89 | 7.5 |
| 2007-04-11 | CVE-2007-1960 | SQL Injection vulnerability in Xoops Rha7 Downloads Module 1.0/1.10 | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. | network, low complexity, xoops, CWE-89 | 7.5 |
| 2007-04-10 | CVE-2007-1920 | SQL Injection vulnerability in Smodbip | SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. | network, low complexity, smodbip, CWE-89 | 7.5 |
| 2007-04-09 | CVE-2007-1897 | SQL Injection vulnerability in Wordpress | SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | network, low complexity, wordpress, CWE-89 | 6.5 |
| 2007-03-30 | CVE-2007-1776 | SQL Injection vulnerability in Design FOR Joomla D4J Ezine | SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. | | 6.8 |
| 2007-03-21 | CVE-2007-1573 | SQL Injection vulnerability in Jelsoft Vbulletin 3.6.4 | SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | network, jelsoft, CWE-89 | 6.0 |
| 2007-03-20 | CVE-2007-1548 | SQL Injection vulnerability in Webwizguide web WIZ Forums | SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via `\"'` (backslash double-quote quote) sequences, which are collapsed into `\''`, as demonstrated via the name parameter to forum/pop_up_member_search.asp. | network, low complexity, webwizguide, CWE-89 | 7.5 |
| 2007-03-20 | CVE-2006-7170 | SQL Injection vulnerability in Koan Software Mega Mall | Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | network, low complexity, koan-software, CWE-89 | 7.5 |
| 2007-03-16 | CVE-2007-1469 | SQL Injection vulnerability in Xigla Absolute Image Gallery XE 2.0 | SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | network, low complexity, xigla, CWE-89 | 7.5 |