Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2006-04-21 | CVE-2006-1978 | SQL Injection vulnerability in Flexbb | 7.5 (network, low complexity)
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
flexbb, CWE-89

2006-04-21 | CVE-2006-1962 | SQL Injection vulnerability in Pcpin Chat | 7.5 (network, low complexity)
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
pcpin, CWE-89

2006-04-20 | CVE-2006-1871 | SQL Injection vulnerability in Oracle Database Server 10.1.0.5/9.2.0.7 | 6.5 (network, low complexity)
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.
oracle, CWE-89

2006-04-12 | CVE-2006-1751 | SQL Injection vulnerability in Michiel VAN Baak Mvblog | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
michiel-van-baak, CWE-89

2006-03-30 | CVE-2006-1501 | SQL Injection vulnerability in Oneorzero 1.6.3.0 | 7.5 (network, low complexity)
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.
oneorzero, CWE-89

2006-03-30 | CVE-2006-1500 | SQL Injection vulnerability in Tilde CMS 3.0 | 7.5 (network, low complexity)
SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
tilde, CWE-89

2006-03-28 | CVE-2006-1423 | SQL Injection vulnerability in Ubbcentral Ubb.Threads | 5.0 (network, low complexity)
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.
ubbcentral, CWE-89

2006-03-23 | CVE-2006-1360 | SQL Injection vulnerability in Musicbox 2.3Beta2 | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.
musicbox, CWE-89

2006-03-21 | CVE-2006-1330 | SQL Injection vulnerability in PHPwebsite 0.7.3/0.8.2/0.8.3 | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
phpwebsite, CWE-89

2006-03-19 | CVE-2006-1278 | SQL Injection vulnerability in Upoint @1 File Store 2006.03.07 | 6.8 (network)
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php.
upoint, CWE-89