Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-01-15 | CVE-2008-0278 | SQL Injection vulnerability in X7 Group X7 Chat SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. | 6.0 |
| 2008-01-15 | CVE-2008-0270 | SQL Injection vulnerability in Taskfreak SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. | 6.0 |
| 2008-01-15 | CVE-2008-0267 | SQL Injection vulnerability in Eticket 1.5.5.2 Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | 7.5 |
| 2008-01-15 | CVE-2008-0262 | SQL Injection vulnerability in Agares Media PHPautovideo 2.21 SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | 7.5 |
| 2008-01-15 | CVE-2008-0256 | SQL Injection vulnerability in Matteo Binda ASP Photo Gallery 1.0 Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | 7.5 |
| 2008-01-15 | CVE-2008-0255 | SQL Injection vulnerability in Igamingcms Igaming CMS 1.5 SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. | 7.5 |
| 2008-01-15 | CVE-2008-0254 | SQL Injection vulnerability in Wavelink Media Tutorialcms 1.02 SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | 6.8 |
| 2008-01-15 | CVE-2008-0253 | SQL Injection vulnerability in Binn Sbuilder SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter. | 7.5 |
| 2008-01-15 | CVE-2008-0173 | SQL Injection vulnerability in Gforge SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports. | 7.5 |
| 2008-01-11 | CVE-2008-0232 | SQL Injection vulnerability in Zero CMS Zero CMS 1.0Alpha Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php. | 7.5 |