Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-07 | CVE-2006-6349 | SQL Injection vulnerability in PWP Technologies the Classified AD System Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |
| 2006-12-07 | CVE-2006-6337 | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 |
| 2006-11-28 | CVE-2006-6157 | SQL Injection vulnerability in Michaelis Freunde Contentnow SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | 7.5 |
| 2006-11-24 | CVE-2006-6095 | SQL Injection vulnerability in Dotnetindex Active News Manager Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. | 7.5 |
| 2006-11-24 | CVE-2006-6073 | SQL Injection vulnerability in Enthrallweb Eshopping Cart Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | 7.5 |
| 2006-11-22 | CVE-2006-6048 | SQL Injection vulnerability in Etomite 0.6.1.2 SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 |
| 2006-11-22 | CVE-2006-6038 | SQL Injection vulnerability in Powie Pforum SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-11-10 | CVE-2006-5829 | SQL Injection vulnerability in Aiocp Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. | 6.8 |
| 2006-10-31 | CVE-2006-5629 | SQL Injection vulnerability in Hosting Controller Hosting Controller Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. | 7.5 |
| 2006-10-31 | CVE-2006-5606 | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | 7.5 |