Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2008-01-23 CVE-2008-0388 SQL Injection vulnerability in WordPress WP Forum 1.7.4
SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI.
network
wordpress CWE-89
6.8
2008-01-22 CVE-2008-0383 SQL Injection vulnerability in MyBB
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
network
low complexity
mybb CWE-89
7.5
2008-01-22 CVE-2008-0371 SQL Injection vulnerability in Alilg aliTalk 1.9.1.1
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php.
network
alilg CWE-89
6.8
2008-01-18 CVE-2008-0363 SQL Injection vulnerability in Clever Copy Clever Copy
Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
network
low complexity
clever-copy CWE-89
7.5
2008-01-18 CVE-2008-0360 SQL Injection vulnerability in Blog CMS Blog CMS 4.2.1C
Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php.
network
low complexity
blog-cms CWE-89
7.5
2008-01-18 CVE-2008-0358 SQL Injection vulnerability in Pixelpost 1.7
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
network
pixelpost CWE-89
6.8
2008-01-18 CVE-2008-0355 SQL Injection vulnerability in PHPEcho CMS PHPEcho CMS
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
network
low complexity
phpecho-cms CWE-89
7.5
2008-01-18 CVE-2008-0353 SQL Injection vulnerability in PHP-Residence 0.7.2/1.0
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter.
network
low complexity
php-residence CWE-89
7.5
2008-01-17 CVE-2008-0328 SQL Injection vulnerability in FaScript FaName 1.0
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
fascript CWE-89
7.5
2008-01-17 CVE-2008-0327 SQL Injection vulnerability in FaScript FaMp3 1.0
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
fascript CWE-89
7.5