Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2007-12-20 CVE-2007-6472 SQL Injection vulnerability in PHPmyrealty 1.0.9
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php.
network
low complexity
phpmyrealty CWE-89
7.5
2007-12-20 CVE-2007-6469 SQL Injection vulnerability in PHPrpg 0.8
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
network
phprpg CWE-89
critical
9.3
2007-12-20 CVE-2007-6467 SQL Injection vulnerability in Mkportal 1.1Rc1
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
network
low complexity
mkportal CWE-89
7.5
2007-12-20 CVE-2007-6466 SQL Injection vulnerability in Freewebshop 2.2.1
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action.
network
low complexity
freewebshop CWE-89
7.5
2007-12-20 CVE-2007-6462 SQL Injection vulnerability in PHP Real Estate Classifieds PHP Real Estate Classifieds Premium Plus
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
php-real-estate-classifieds CWE-89
7.5
2007-12-20 CVE-2007-6458 SQL Injection vulnerability in My123Tkshop E-Commerce-Suite 0.9.1
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
network
low complexity
my123tkshop CWE-89
7.5
2007-12-17 CVE-2007-6394 SQL Injection vulnerability in P3Mbo Content Injector 1.53
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
network
low complexity
p3mbo CWE-89
7.5
2007-12-17 CVE-2007-6393 SQL Injection vulnerability in ACE Image Hosting Script ACE Image Hosting Script 0
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
network
low complexity
ace-image-hosting-script CWE-89
6.5
2007-12-17 CVE-2007-6392 SQL Injection vulnerability in Dominion web Dwdirectory
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
network
low complexity
dominion-web CWE-89
7.5
2007-12-17 CVE-2007-6391 SQL Injection vulnerability in Sh-News 3.0
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
sh-news CWE-89
7.5