Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2007-10-09 CVE-2007-5316 SQL Injection vulnerability in Softbizscripts Softbiz Jobs and Recruitment Script
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
network
low complexity
softbizscripts CWE-89
5.0
5.0
2007-10-09 CVE-2007-5308 SQL Injection vulnerability in PHP Homepage M PHP Homepage M 1.0
SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. 		6.8
6.8
2007-10-08 CVE-2007-5272 SQL Injection vulnerability in Furkan Tastan Blog Furkan Tastan Blog
SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action.
network
low complexity
furkan-tastan-blog CWE-89
7.5
7.5
2007-10-06 CVE-2007-5261 SQL Injection vulnerability in Iscripts Multicart 1.0
Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.
network
low complexity
iscripts CWE-89
6.4
6.4
2007-10-05 CVE-2007-5233 SQL Injection vulnerability in Deonixscripts web Template Management System 1.3
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
network
low complexity
deonixscripts CWE-89
7.5
7.5
2007-10-05 CVE-2007-5220 SQL Injection vulnerability in ASP Product Catalog ASP Product Catalog 1.0
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
network
low complexity
asp-product-catalog CWE-89
7.5
7.5
2007-10-03 CVE-2007-5189 SQL Injection vulnerability in X-Script Guestbook 1.3A
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
network
low complexity
x-script CWE-89
7.5
7.5
2007-10-03 CVE-2007-5187 SQL Injection vulnerability in PHP-Fusion Expanded Calendar Module and PHP-Fusion
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
network
low complexity
php-fusion CWE-89
7.5
7.5
2007-10-03 CVE-2007-5181 SQL Injection vulnerability in Netkamp Emlak Scripti
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.
network
low complexity
netkamp CWE-89
7.5
7.5
2007-10-03 CVE-2007-5180 SQL Injection vulnerability in Ohesa Emlak Portali Ohesa Emlak Portali
Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp.
network
low complexity
ohesa-emlak-portali CWE-89
7.5
7.5