Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-02-12 | CVE-2008-0690 | SQL Injection vulnerability in Joomla COM Directory 2.3.2 SQL injection vulnerability in index.php in the mosDirectory (com_directory) 2.3.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewcat action. | 7.5 |
| 2008-02-12 | CVE-2008-0689 | SQL Injection vulnerability in Joomla COM Marketplace 1.1.1/1.1.1Pl1 SQL injection vulnerability in index.php in the Marketplace (com_marketplace) 1.1.1 and 1.1.1-pl1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_category action. | 7.5 |
| 2008-02-12 | CVE-2008-0686 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
| 2008-02-12 | CVE-2008-0685 | SQL Injection vulnerability in Itechscripts Itechclassifieds 3.0 SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | 7.5 |
| 2008-02-12 | CVE-2008-0683 | SQL Injection vulnerability in Wordpress ST Newsletter Plugin SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. | 7.5 |
| 2008-02-12 | CVE-2008-0682 | SQL Injection vulnerability in Wordpress Wordspew SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-02-12 | CVE-2008-0681 | SQL Injection vulnerability in PHPshop 0.8.1 SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | 6.8 |
| 2008-02-12 | CVE-2008-0678 | SQL Injection vulnerability in Blogphp 2.0 SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | 6.8 |
| 2008-02-12 | CVE-2008-0677 | SQL Injection vulnerability in A-Blog 2 SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action. | 7.5 |
| 2008-02-12 | CVE-2008-0675 | SQL Injection vulnerability in the Everything Development Company the Everything Development Engine SQL injection vulnerability in cms/index.pl in The Everything Development Engine in The Everything Development System Pre-1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the node_id parameter. | 7.5 |