Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-16 | CVE-2006-2416 | SQL Injection vulnerability in E107: SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | 5.1 |
2006-05-15 | CVE-2006-2363 | SQL Injection vulnerability in Limbo CMS Limbo CMS 1.0.4.2: SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 5.1 |
2006-05-11 | CVE-2006-2301 | SQL Injection vulnerability in Ozzywork Galeri 2.0: SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | 7.5 |
2006-05-09 | CVE-2006-2268 | SQL Injection vulnerability in Flexcustomer 0.0.1/0.0.4: SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. | 7.5 |
2006-05-09 | CVE-2006-2259 | SQL Injection vulnerability in Maxxcode Maxxschedule 1.0: SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | 7.5 |
2006-05-09 | CVE-2006-2239 | SQL Injection vulnerability in Tuomas Airaksinen Newsadmin 1.1: SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows remote attackers to execute arbitrary SQL commands via the nid parameter. | 7.5 |
2006-05-03 | CVE-2006-2157 | SQL Injection vulnerability in Plogger 2.1: SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". | 7.5 |
2006-05-01 | CVE-2006-2128 | SQL Injection vulnerability in Deltascripts PRO Publish 2.0: Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php. | 7.5 |
2006-04-29 | CVE-2006-2103 | SQL Injection vulnerability in Mybulletinboard 1.1.1: SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php. | 2.1 |
2006-04-29 | CVE-2006-2090 | SQL Injection vulnerability in Mysmartbb 1.1.2/1.1.3: Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters. | 7.5 |