Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-07-21 | CVE-2006-3688 | SQL Injection vulnerability in Francisco Charrua Photo-Gallery 1.0 SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-07-07 | CVE-2006-3430 | SQL Injection vulnerability in multiple products SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter. | 7.5 |
2006-06-29 | CVE-2006-3318 | SQL Injection vulnerability in Spiffyjr PHPraid 3.0.6 SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | 5.1 |
2006-06-23 | CVE-2006-3181 | SQL Injection vulnerability in Mobescripts Mobile Space Community 2.0 SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter. | 7.5 |
2006-06-22 | CVE-2006-3139 | SQL Injection vulnerability in Vwar Virtual WAR Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters. | 7.5 |
2006-06-19 | CVE-2006-3064 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8 SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | 7.5 |
2006-06-16 | CVE-2006-3048 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-06-12 | CVE-2006-2977 | SQL Injection vulnerability in Mafia Moblog Mafia Moblog SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
2006-06-12 | CVE-2006-2973 | SQL Injection vulnerability in PHP Lite Calendar Express 2.2 Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. | 7.5 |
2006-06-02 | CVE-2006-2760 | SQL Injection vulnerability in Warpspeed 4Nforum 0.91 SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | 7.5 |