Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-11-29 | CVE-2005-3877 | SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5/1.1.6 Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | 7.5 |
2005-11-26 | CVE-2005-3845 | SQL Injection vulnerability in Ezinvoiceinc EZ Invoice INC 2.0 SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. | 7.5 |
2005-11-26 | CVE-2005-3840 | SQL Injection vulnerability in Omnistar Interactive Omnistar Live SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. | 7.5 |
2005-11-26 | CVE-2005-3817 | SQL Injection vulnerability in Softbiz web Hosting Directory Script Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | 7.5 |
2005-11-22 | CVE-2005-3748 | SQL Injection vulnerability in Tru-Zone Nukeet 3.0/3.1/3.2 SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | 7.5 |
2005-11-22 | CVE-2005-3744 | SQL Injection vulnerability in PHPcomasy 0.7.4 SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2005-11-19 | CVE-2005-3686 | SQL Injection vulnerability in Newsboard Unclassified Newsboard SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | 7.5 |
2005-11-17 | CVE-2005-3646 | SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | 7.5 |
2005-11-16 | CVE-2005-3553 | SQL Injection vulnerability in PHPkit Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | 7.5 |
2005-11-16 | CVE-2005-3543 | SQL Injection vulnerability in Phorum SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 |