Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2008-01-08 | CVE-2008-0142 | SQL Injection vulnerability in Webportal CMS 0.6Beta | Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. | network; webportal CWE-89; 6.8 |
| 2008-01-08 | CVE-2008-0139 | SQL Injection vulnerability in Loudblog | Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | network; loudblog CWE-89; 6.8 |
| 2008-01-08 | CVE-2008-0138 | SQL Injection vulnerability in Xoops Xoopsgallery Module 1.3.39 | PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. | network; xoops CWE-89; 6.8 |
| 2008-01-08 | CVE-2008-0137 | SQL Injection vulnerability in Snetworks PHP Classifieds 5.0 | PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter. | network; low complexity; snetworks CWE-89; 7.5 |
| 2008-01-08 | CVE-2008-0133 | SQL Injection vulnerability in Thomas Perez Tribisur | Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. | network; low complexity; thomas-perez CWE-89; 7.5 |
| 2008-01-08 | CVE-2008-0130 | SQL Injection vulnerability in Instantsoftwares Dating Site | SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. | network; low complexity; instantsoftwares CWE-89; 7.5 |
| 2008-01-08 | CVE-2008-0129 | SQL Injection vulnerability in Siteatschool | SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. | 6.8 |
| 2008-01-08 | CVE-2007-6671 | SQL Injection vulnerability in Instantsoftwares Dating Site | SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. | network; low complexity; instantsoftwares CWE-89; 7.5 |
| 2008-01-08 | CVE-2008-0099 | SQL Injection vulnerability in Myphp Forum Myphp Forum | Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. | 6.8 |
| 2008-01-08 | CVE-2007-6670 | SQL Injection vulnerability in PHPcredo Phcdownload 1.1 | SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter. | network; low complexity; phpcredo CWE-89; 7.5 |