Vulnerabilities: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2006-11-22 CVE-2006-6038 SQL Injection vulnerability in Powie Pforum
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
powie CWE-89
7.5
2006-11-10 CVE-2006-5829 SQL Injection vulnerability in Aiocp
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
network
aiocp CWE-89
6.8
2006-10-31 CVE-2006-5629 SQL Injection vulnerability in Hosting Controller Hosting Controller
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.
network
low complexity
hosting-controller CWE-89
7.5
2006-10-31 CVE-2006-5606 SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer
Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.
network
low complexity
bytesfall-explorer CWE-89
7.5
2006-10-12 CVE-2006-5242 SQL Injection vulnerability in Etomite 0.6
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
etomite CWE-89
7.5
2006-10-10 CVE-2006-5221 SQL Injection vulnerability in Cahier DE Textes Cahier DE Textes 2.0
Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php.
network
low complexity
cahier-de-textes CWE-89
7.5
2006-09-14 CVE-2006-4785 SQL Injection vulnerability in Moodle
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
network
low complexity
moodle CWE-89
7.5
2006-09-13 CVE-2006-4756 SQL Injection vulnerability in Accomplishtechnology PHPmydirectory
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter.
network
low complexity
accomplishtechnology CWE-89
7.5
2006-09-13 CVE-2006-4736 SQL Injection vulnerability in Cms.R. 5.5
Multiple SQL injection vulnerabilities in index.php in CMS.R.
network
low complexity
cms-r CWE-89
7.5
2006-09-13 CVE-2006-4734 SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
network
low complexity
tiki CWE-89
7.5