Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4 SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | 7.5 |
| 2006-02-19 | CVE-2006-0772 | SQL Injection vulnerability in Hitachi Business Logic 0203/0300 SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | 7.5 |
| 2006-02-18 | CVE-2006-0750 | SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | 7.5 |
| 2006-02-15 | CVE-2006-0692 | SQL Injection vulnerability in Carey Briggs PHP Mysql Timesheet 1/2 Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | 7.5 |
| 2006-02-08 | CVE-2006-0602 | SQL Injection vulnerability in Hinton Design PHPhg Guestbook 1.2 Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | 7.5 |
| 2006-02-01 | CVE-2006-0510 | SQL Injection vulnerability in Daffodil Software Daffodil CRM 1.5 SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | 7.5 |
| 2006-01-25 | CVE-2006-0413 | SQL Injection vulnerability in Newsphp Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | 7.5 |
| 2006-01-25 | CVE-2006-0412 | SQL Injection vulnerability in Gencbeyin web Programlama Cybershop SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | 7.5 |
| 2006-01-25 | CVE-2006-0403 | SQL Injection vulnerability in E-Moblog 1.3 Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. | 7.5 |
| 2006-01-19 | CVE-2006-0318 | SQL Injection vulnerability in Insane Visions Blogphp 1.0 SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | 7.5 |