Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2007-08-21 | CVE-2007-4456 | SQL Injection vulnerability in multiple products | SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. | 7.5 |
2007-08-15 | CVE-2007-4368 | SQL Injection vulnerability in IBM Rational Clearquest 7.0.0.0/7.0.0.1 | SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | 7.5 |
2007-08-08 | CVE-2007-4258 | SQL Injection vulnerability in Prozilla PUB Site Directory | SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2007-08-08 | CVE-2007-4207 | SQL Injection vulnerability in Kerberosdev Gallery in A BOX | SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. | 7.5 |
2007-08-07 | CVE-2007-4173 | SQL Injection vulnerability in Hunkaray Okul Portaly 1.1 | SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. | 7.5 |
2007-07-30 | CVE-2007-4095 | SQL Injection vulnerability in BSM Store Dependent Forums 1.0.2 | SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. | 7.5 |
2007-07-30 | CVE-2007-4056 | SQL Injection vulnerability in Adult Directory Adult Directory | SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | 7.5 |
2007-07-21 | CVE-2007-3937 | SQL Injection vulnerability in A-Shop | Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2007-07-21 | CVE-2007-3933 | SQL Injection vulnerability in Quickestore | SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. | 7.5 |
2007-07-19 | CVE-2007-3909 | SQL Injection vulnerability in Bandersnatch 0.4 | Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors. | 7.5 |