Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-12-28 | CVE-2007-6556 | **SQL Injection vulnerability in Websihirbazi 5.1.1**: Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | 7.5 |
2007-12-28 | CVE-2007-6551 | **SQL Injection vulnerability in Mailmachinepro Mailmachine PRO**: SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-28 | CVE-2007-6544 | **SQL Injection vulnerability in Runcms 1.6**: Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | 7.5 |
2007-12-28 | CVE-2007-6543 | **SQL Injection vulnerability in Esyndicat Link Exchange**: SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-27 | CVE-2007-6540 | **SQL Injection vulnerability in Neuron News 1.0**: SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. | 7.5 |
2007-12-27 | CVE-2007-6538 | **SQL Injection vulnerability in Mrbs 1.2.3/1.2.5**: SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-12-24 | CVE-2007-6518 | **SQL Injection vulnerability in Woltlab Burning Board Lite 1.0.2/1.0.2Pl3E**: Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | 7.5 |
2007-12-24 | CVE-2007-6517 | **SQL Injection vulnerability in Aeries Browser Interface 3.7.9.17**: SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. | 7.5 |
2007-12-20 | CVE-2007-6498 | **SQL Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix3.3**: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | 7.5 |
2007-12-20 | CVE-2007-6484 | **SQL Injection vulnerability in PHPrpg 0.8**: SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 6.8 |