Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-25 | CVE-2006-0413 | SQL Injection vulnerability in Newsphp: Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | 7.5 |
2006-01-25 | CVE-2006-0412 | SQL Injection vulnerability in Gencbeyin web Programlama Cybershop: SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | 7.5 |
2006-01-25 | CVE-2006-0403 | SQL Injection vulnerability in E-Moblog 1.3: Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. | 7.5 |
2006-01-19 | CVE-2006-0318 | SQL Injection vulnerability in Insane Visions Blogphp 1.0: SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | 7.5 |
2006-01-18 | CVE-2006-0249 | SQL Injection vulnerability in Bitdamaged Geoblog Mod1.0: SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable). | 7.5 |
2006-01-18 | CVE-2006-0240 | SQL Injection vulnerability in 8Pixel.Net Simple Blog: Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts. | 7.5 |
2006-01-13 | CVE-2006-0205 | SQL Injection vulnerability in Wordcircle 2.17: Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | 5.1 |
2006-01-13 | CVE-2006-0199 | SQL Injection vulnerability in Mini-Nuke CMS System: SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | 7.5 |
2006-01-13 | CVE-2006-0192 | SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10: SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | 7.5 |
2006-01-10 | CVE-2006-0160 | SQL Injection vulnerability in Venom Board Venom Board 1.22: SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3. | 7.5 |