Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-02-13 | CVE-2008-0738 | SQL Injection vulnerability in Shoppingtree Candypress Store 4.1.1.26 | Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. | 7.5 |
2008-02-13 | CVE-2008-0737 | SQL Injection vulnerability in Shoppingtree Candypress Store 4.1/4.1.1.26 | SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. | 7.5 |
2008-02-13 | CVE-2008-0735 | SQL Injection vulnerability in Auracms 2.2 | SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter. | 10.0 |
2008-02-13 | CVE-2008-0734 | SQL Injection vulnerability in Limbo CMS Limbo CMS | SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php. | 7.5 |
2008-02-13 | CVE-2008-0733 | SQL Injection vulnerability in CS Team Counter Strike Portal | SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page. | 7.5 |
2008-02-12 | CVE-2008-0721 | SQL Injection vulnerability in Mambo COM Sermon 0.2 | SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. | 7.5 |
2008-02-12 | CVE-2008-0719 | SQL Injection vulnerability in Oscommerce Customer Testimonials and Oscommerce | SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. | 7.5 |
2008-02-12 | CVE-2008-0714 | SQL Injection vulnerability in Mihalism Multi Host 3.0 | SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action. | 6.8 |
2008-02-12 | CVE-2008-0695 | SQL Injection vulnerability in Bookmarkx Script 2007 | SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. | 7.5 |
2008-02-12 | CVE-2008-0692 | SQL Injection vulnerability in Itechscripts Itechbids 3Gold/5.0 | SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | 7.5 |