Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2007-11-29 | CVE-2007-6159 | SQL Injection vulnerability in Tilde CMS 4.0 | 7.5 (network, low complexity)
SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500.
tilde | CWE-89

2007-11-29 | CVE-2007-6158 | SQL Injection vulnerability in Proverbs web Calendar 1.1 | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
proverbs | CWE-89

2007-11-27 | CVE-2007-6143 | SQL Injection vulnerability in VU Case Manager | 7.5 (network, low complexity)
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
vu | CWE-89

2007-11-27 | CVE-2007-6140 | SQL Injection vulnerability in Dora Emlak Dora Emlak 2.0 | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) emlak_detay.asp and (b) haber_detay.asp, the (2) kategori parameter to (c) kategorisirala.asp, and the (3) tip parameter to (d) tipsirala.asp.
dora-emlak | CWE-89

2007-11-27 | CVE-2007-6138 | SQL Injection vulnerability in VU Mass Mailer | 7.5 (network, low complexity)
SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page).
vu | CWE-89

2007-11-27 | CVE-2007-6137 | SQL Injection vulnerability in P3Mbo Content Injector 1.52 | 7.5 (network, low complexity)
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
p3mbo | CWE-89

2007-11-27 | CVE-2007-6134 | SQL Injection vulnerability in PHPkit 1.6.4Pl1 | 7.5 (network, low complexity)
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
phpkit | CWE-89

2007-11-26 | CVE-2007-6128 | SQL Injection vulnerability in Flor DE Utopia Workingonweb 2.0.1400 | 7.5 (network, low complexity)
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter.
flor-de-utopia | CWE-89

2007-11-26 | CVE-2007-6127 | SQL Injection vulnerability in Project Alumni Project Alumni | 7.5 (network, low complexity)
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
project-alumni | CWE-89

2007-11-26 | CVE-2007-6125 | SQL Injection vulnerability in Softbiz Freelancers Script 1.0 | 7.5 (network, low complexity)
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
softbiz | CWE-89