Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-15 | CVE-2007-6381 | SQL Injection vulnerability in Typo3. SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; typo3; CWE-89; 6.5 |
| 2007-12-15 | CVE-2007-6380 | SQL Injection vulnerability in E-Xoops. Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266. | network; low complexity; e-xoops; CWE-89; 7.5 |
| 2007-12-15 | CVE-2007-6375 | SQL Injection vulnerability in Bitweaver. Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. | network; low complexity; bitweaver; CWE-89; 7.5 |
| 2007-12-15 | CVE-2007-6373 | SQL Injection vulnerability in Gestdown 1.00Beta. Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php. | network; low complexity; gestdown; CWE-89; 7.5 |
| 2007-12-15 | CVE-2007-6366 | SQL Injection vulnerability in Sinecms. Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. | network; low complexity; sinecms; CWE-89; 7.5 |
| 2007-12-15 | CVE-2007-6362 | SQL Injection vulnerability in Joomla RS Gallery2 Beta5. SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. | network; low complexity; joomla; CWE-89; 7.5 |
| 2007-12-15 | CVE-2007-6338 | SQL Injection vulnerability in Trivantis Coursemill Enterprise Learning Management System 4.1. SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). | network; low complexity; trivantis; CWE-89; 7.5 |
| 2007-12-13 | CVE-2007-6345 | SQL Injection vulnerability in Aurora Framework. SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. | network; low complexity; aurora; CWE-89; 7.5 |
| 2007-12-13 | CVE-2007-6342 | SQL Injection vulnerability in David Castro Apache Authcas 0.4. SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | network; low complexity; david-castro; CWE-89; 7.5 |
| 2007-12-12 | CVE-2007-6318 | SQL Injection vulnerability in Wordpress. SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character. | network; wordpress; CWE-89; 6.8 |