Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-07 | CVE-2006-1049 | SQL Injection vulnerability in Joomla Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-03-07 | CVE-2006-1018 | SQL Injection vulnerability in Dci-Designs Dawaween 1.03 SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | 7.5 |
2006-03-06 | CVE-2006-1006 | SQL Injection vulnerability in Sendcard Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2006-03-02 | CVE-2006-0961 | SQL Injection vulnerability in Cilem Haber 1.1 SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. | 7.5 |
2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4 SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | 7.5 |
2006-02-19 | CVE-2006-0772 | SQL Injection vulnerability in Hitachi Business Logic 0203/0300 SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | 7.5 |
2006-02-18 | CVE-2006-0750 | SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | 7.5 |
2006-02-15 | CVE-2006-0692 | SQL Injection vulnerability in Carey Briggs PHP Mysql Timesheet 1/2 Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | 7.5 |
2006-02-08 | CVE-2006-0602 | SQL Injection vulnerability in Hinton Design PHPhg Guestbook 1.2 Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php. | 7.5 |
2006-02-01 | CVE-2006-0510 | SQL Injection vulnerability in Daffodil Software Daffodil CRM 1.5 SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action. | 7.5 |