Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2008-01-10 CVE-2008-0224 SQL Injection vulnerability in Runcms 1.5.3/1.6/1.6.1
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
network
low complexity
runcms CWE-89
7.5
2008-01-10 CVE-2008-0219 SQL Injection vulnerability in PHP Webquest PHP Webquest 2.6
SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920.
network
low complexity
php-webquest CWE-89
7.5
2008-01-09 CVE-2008-0187 SQL Injection vulnerability in Spacial Audio Solutions Samphpweb 4.2.2
SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter.
network
low complexity
spacial-audio-solutions CWE-89
7.5
2008-01-09 CVE-2008-0185 SQL Injection vulnerability in Netrisk 1.9.7
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
network
low complexity
netrisk CWE-89
7.5
2008-01-09 CVE-2007-5402 SQL Injection vulnerability in Layton Technology Helpbox 3.7.1
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
network
low complexity
layton-technology CWE-89
6.5
2008-01-09 CVE-2008-0159 SQL Injection vulnerability in Eggblog
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
network
eggblog CWE-89
6.8
2008-01-09 CVE-2008-0157 SQL Injection vulnerability in Flexbb 1.010005Betarelease1
SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie.
network
low complexity
flexbb CWE-89
7.5
2008-01-09 CVE-2008-0154 SQL Injection vulnerability in Evilboard 0.1A
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands via the c parameter.
network
low complexity
evilboard CWE-89
7.5
2008-01-09 CVE-2008-0147 SQL Injection vulnerability in Smallnuke 2.0.4
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
network
smallnuke CWE-89
6.8
2008-01-08 CVE-2008-0144 SQL Injection vulnerability in PHPrisk Netrisk 1.9.7
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
network
low complexity
phprisk CWE-89
7.5