Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2008-01-31 | CVE-2008-0504 | SQL Injection vulnerability in Coppermine-Gallery Coppermine Photo Gallery | 6.5
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
network | low complexity | coppermine-gallery | CWE-89

2008-01-30 | CVE-2008-0499 | SQL Injection vulnerability in Mamboxchange Laithai 4.5.5 | 7.5
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | mamboxchange | CWE-89

2008-01-30 | CVE-2008-0498 | SQL Injection vulnerability in Bigware Shop 2.0 | 7.5
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
network | low complexity | bigware | CWE-89

2008-01-30 | CVE-2008-0490 | SQL Injection vulnerability in Wordpress WP CAL Plugin 0.3 | 7.5
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | wordpress | CWE-89

2008-01-30 | CVE-2008-0487 | SQL Injection vulnerability in the NET Guys Aspired2Protect | 7.5
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
network | low complexity | the-net-guys | CWE-89

2008-01-29 | CVE-2008-0469 | SQL Injection vulnerability in Tiger PHP News System Tiger PHP News System | 7.5
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
network | low complexity | tiger-php-news-system | CWE-89

2008-01-29 | CVE-2008-0468 | SQL Injection vulnerability in Flinx | 7.5
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | flinx | CWE-89

2008-01-25 | CVE-2008-0461 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke | 6.8
SQL injection vulnerability in index.php in the Search module in PHP-Nuke 8.0 FINAL and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a comments action to modules.php.

2008-01-25 | CVE-2008-0453 | SQL Injection vulnerability in Easysitenetwork Recipe Website Script | 6.8
SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

2008-01-25 | CVE-2008-0451 | SQL Injection vulnerability in Pacercms 0.6 | 7.5
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
network | low complexity | pacercms | CWE-89