Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-12-04 | CVE-2007-6223 | SQL Injection vulnerability in PHPbb Garage 1.2.0Beta3 SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode. | 7.5 |
| 2007-12-04 | CVE-2007-6217 | SQL Injection vulnerability in Irola My-Time 3.5 Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. | 7.5 |
| 2007-12-01 | CVE-2007-6202 | SQL Injection vulnerability in Neocrome Seditio SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. | 6.8 |
| 2007-11-30 | CVE-2007-6171 | SQL Injection vulnerability in Digium Asterisk SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | 7.5 |
| 2007-11-30 | CVE-2007-6170 | SQL Injection vulnerability in multiple products SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | 6.5 |
| 2007-11-30 | CVE-2007-6172 | SQL Injection vulnerability in Wire Plastic Design Wpquiz 2.7 Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | 10.0 |
| 2007-11-29 | CVE-2007-6169 | SQL Injection vulnerability in Gouae DWD Realty SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. | 7.5 |
| 2007-11-29 | CVE-2007-6168 | SQL Injection vulnerability in VU Case Manager SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. | 7.5 |
| 2007-11-29 | CVE-2007-6164 | SQL Injection vulnerability in Eurologon CMS Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php. | 7.5 |
| 2007-11-29 | CVE-2007-6163 | SQL Injection vulnerability in Gouae DWD Realty 0 SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. | 7.5 |