Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR / CWE | RISK |
|---|---|---|---|---|---|
| 2006-09-06 | CVE-2006-4564 | SQL Injection vulnerability in Simplemachines SMF 1.1 | SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | simplemachines, CWE-89 | network, high complexity, 5.1 |
| 2006-08-17 | CVE-2006-4214 | SQL Injection vulnerability in ZEN Cart ZEN Cart | Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | zen-cart, CWE-89 | network, low complexity, 7.5 |
| 2006-08-10 | CVE-2006-4064 | SQL Injection vulnerability in Yenerturk Haber Script 1.0/2.0 | SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | yenerturk, CWE-89 | network, low complexity, 7.5 |
| 2006-08-09 | CVE-2006-4042 | SQL Injection vulnerability in Mywebland Mybloggie | Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | mywebland, CWE-89 | network, low complexity, 7.5 |
| 2006-08-09 | CVE-2006-4039 | SQL Injection vulnerability in Chaossoft Gaestechaos | Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | chaossoft, CWE-89 | network, low complexity, 7.5 |
| 2006-08-07 | CVE-2006-4010 | SQL Injection vulnerability in Vwar Virtual WAR 1.5.0 | SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | vwar, CWE-89 | network, low complexity, 7.5 |
| 2006-08-01 | CVE-2006-3960 | SQL Injection vulnerability in X-Scripts X-Poll 2.30 | SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. | x-scripts, CWE-89 | network, low complexity, 7.5 |
| 2006-07-27 | CVE-2006-3904 | SQL Injection vulnerability in Etomite 0.6 | SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | etomite, CWE-89 | network, 6.8 |
| 2006-07-25 | CVE-2006-3823 | SQL Injection vulnerability in Geodesicsolutions Geoauctions Premier and Geoclassifieds Basic | SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | geodesicsolutions, CWE-89 | network, high complexity, 5.1 |
| 2006-07-24 | CVE-2006-3775 | SQL Injection vulnerability in Mybulletinboard 1.1.5 | SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php. | mybulletinboard, CWE-89 | network, low complexity, 7.5 |