Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-30 | CVE-2007-0582 | SQL Injection vulnerability in Chernobile 1.0 SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. | 7.5 |
2007-01-26 | CVE-2007-0527 | SQL Injection vulnerability in Website Baker Website Baker SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. | 6.8 |
2007-01-26 | CVE-2007-0520 | SQL Injection vulnerability in Unique ADS Unique ADS 1.0 SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | 7.5 |
2007-01-19 | CVE-2007-0350 | SQL Injection vulnerability in SME Filemailer Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. | 7.5 |
2007-01-11 | CVE-2007-0196 | SQL Injection vulnerability in Motionborg web Real Estate SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. | 7.5 |
2006-12-31 | CVE-2006-7232 | SQL Injection vulnerability in multiple products sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | 3.5 |
2006-12-31 | CVE-2006-7231 | SQL Injection vulnerability in Civica Software Civica SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. | 7.5 |
2006-12-31 | CVE-2006-6912 | SQL Injection vulnerability in PHPmyfaq SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | 7.5 |
2006-12-31 | CVE-2006-6880 | SQL Injection vulnerability in PHP-Update Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | 7.5 |
2006-12-31 | CVE-2006-6848 | SQL Injection vulnerability in Aspticker 1.0 SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | 7.5 |