Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-20 | CVE-2005-4382 | SQL Injection vulnerability in Citysoft Community Enterprise SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | 7.5 |
2005-12-20 | CVE-2005-4380 | SQL Injection vulnerability in Bitweaver 1.1/1.1.1Beta Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | 7.5 |
2005-12-17 | CVE-2005-4315 | SQL Injection vulnerability in Nicplex Plexcart X3 SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl. | 7.5 |
2005-12-15 | CVE-2005-4263 | SQL Injection vulnerability in Envolution SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. | 7.5 |
2005-12-14 | CVE-2005-4246 | SQL Injection vulnerability in Plogger SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | 7.5 |
2005-12-14 | CVE-2005-4244 | SQL Injection vulnerability in Snipegallery Snipe Gallery SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 |
2005-12-14 | CVE-2005-4228 | SQL Injection vulnerability in PHPwebgallery Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. | 7.5 |
2005-12-13 | CVE-2005-4199 | SQL Injection vulnerability in Mybb 1.0 Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | 7.5 |
2005-12-13 | CVE-2005-4198 | SQL Injection vulnerability in Netref 3.0 SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2005-12-13 | CVE-2005-4195 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. | 7.5 |