Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-10-17 | CVE-2007-5488 | SQL Injection vulnerability in Asterisk Asterisk-Addons | Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record. | 7.5 |
2007-10-17 | CVE-2007-5490 | SQL Injection vulnerability in Okulumunsitesi Portal 2.0 | SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2007-10-16 | CVE-2007-5485 | SQL Injection vulnerability in Kwsphp 1.0 | SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter. | 7.5 |
2007-10-14 | CVE-2007-5458 | SQL Injection vulnerability in Alorys-Hebergement Kwsphp and Newsletter Module | SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. | 6.8 |
2007-10-14 | CVE-2007-5452 | SQL Injection vulnerability in PHP-Stats 0.1.9.2 | Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter. | 10.0 |
2007-10-14 | CVE-2007-5449 | SQL Injection vulnerability in Softbiz Recipes Portal Script | SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter. | 7.5 |
2007-10-12 | CVE-2007-5430 | SQL Injection vulnerability in Scottmanktelow Stride CMS 1.0 | Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | 7.5 |
2007-10-12 | CVE-2007-5408 | SQL Injection vulnerability in Cplinks Cpdynalinks 1.02 | SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 6.8 |
2007-10-11 | CVE-2007-5372 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | 10.0 |
2007-10-11 | CVE-2007-5371 | SQL Injection vulnerability in Modxcms 0.9.6 | Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. | 6.8 |