Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-22 | CVE-2006-6038 | SQL Injection vulnerability in Powie Pforum: SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-11-10 | CVE-2006-5829 | SQL Injection vulnerability in Aiocp: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php. | 6.8 |
2006-10-31 | CVE-2006-5629 | SQL Injection vulnerability in Hosting Controller Hosting Controller: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. | 7.5 |
2006-10-31 | CVE-2006-5606 | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer: Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. | 7.5 |
2006-10-12 | CVE-2006-5242 | SQL Injection vulnerability in Etomite 0.6: SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-10-10 | CVE-2006-5221 | SQL Injection vulnerability in Cahier DE Textes Cahier DE Textes 2.0: Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php. | 7.5 |
2006-09-14 | CVE-2006-4785 | SQL Injection vulnerability in Moodle: SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int. | 7.5 |
2006-09-13 | CVE-2006-4756 | SQL Injection vulnerability in Accomplishtechnology PHPmydirectory: SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. | 7.5 |
2006-09-13 | CVE-2006-4736 | SQL Injection vulnerability in Cms.R. 5.5: Multiple SQL injection vulnerabilities in index.php in CMS.R. | 7.5 |
2006-09-13 | CVE-2006-4734 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4: Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | 7.5 |