Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2007-11-15 | CVE-2007-6004 | SQL Injection vulnerability in Toko Instan 7.6 | 7.5
Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action.
network, low complexity, toko, CWE-89

2007-11-15 | CVE-2007-5999 | SQL Injection vulnerability in Softbizscripts Softbiz Auctions Script | 7.5
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, softbizscripts, CWE-89

2007-11-15 | CVE-2007-5998 | SQL Injection vulnerability in Softbizscripts AD Management Plus Script 1.0 | 6.5
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
network, low complexity, softbizscripts, CWE-89

2007-11-15 | CVE-2007-5997 | SQL Injection vulnerability in Softbizscripts Banner Exchange Network Script 1.0 | 6.5
SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
network, low complexity, softbizscripts, CWE-89

2007-11-15 | CVE-2007-5996 | SQL Injection vulnerability in Softbizscripts Link Directory Script 1.0 | 7.5
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
network, low complexity, softbizscripts, CWE-89

2007-11-15 | CVE-2007-5992 | SQL Injection vulnerability in Datecomm Social Networking Script | 7.5
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
network, low complexity, datecomm, CWE-89

2007-11-15 | CVE-2007-5991 | SQL Injection vulnerability in EXO Exophpdesk 1.2.1 | 7.5
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
network, low complexity, exo, CWE-89

2007-11-15 | CVE-2007-5986 | SQL Injection vulnerability in Btiteam Btitracker | 7.5
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network, low complexity, btiteam, CWE-89

2007-11-15 | CVE-2007-5978 | SQL Injection vulnerability in Xoops Mylinks Module 2.0.17.1 | 7.5
SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter.
network, low complexity, xoops, CWE-89

2007-11-15 | CVE-2007-5976 | SQL Injection vulnerability in PHPmyadmin | 6.5
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
network, low complexity, phpmyadmin, CWE-89