Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2008-01-04 CVE-2007-6667 SQL Injection vulnerability in Myphp Forum 1.0/2.0
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
myphp CWE-89
6.8
6.8
2008-01-04 CVE-2007-6666 SQL Injection vulnerability in Zenphoto
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
network
low complexity
zenphoto CWE-89
7.5
7.5
2008-01-04 CVE-2007-6665 SQL Injection vulnerability in Netchemia Oneschool
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
network
low complexity
netchemia CWE-89
7.5
7.5
2008-01-04 CVE-2007-6664 SQL Injection vulnerability in Webportal CMS
SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.
network
low complexity
webportal CWE-89
7.5
7.5
2008-01-04 CVE-2007-6663 SQL Injection vulnerability in Pragmatic Utopia PU Arcade 2.0.3/2.1.2/2.1.3
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
network
low complexity
pragmatic-utopia joomla CWE-89
7.5
7.5
2008-01-04 CVE-2007-6658 SQL Injection vulnerability in Customcms Ccms 3.1
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
network
low complexity
customcms CWE-89
7.5
7.5
2008-01-04 CVE-2007-6647 SQL Injection vulnerability in W-Agora
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.
network
low complexity
w-agora CWE-89
7.5
7.5
2008-01-04 CVE-2008-0089 SQL Injection vulnerability in Clip-Share Clipshare
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
network
low complexity
clip-share CWE-89
7.5
7.5
2008-01-04 CVE-2007-6639 SQL Injection vulnerability in Iptbb Team Iptbb 0.5.4
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
network
low complexity
iptbb-team CWE-89
7.5
7.5
2008-01-04 CVE-2007-6634 SQL Injection vulnerability in Netbizcity Faqmasterflexplus
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.
network
netbizcity CWE-89
6.8
6.8