Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-31 | CVE-2006-7232 | SQL Injection vulnerability in multiple products sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | 3.5 |
| 2006-12-31 | CVE-2006-7231 | SQL Injection vulnerability in Civica Software Civica SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. | 7.5 |
| 2006-12-31 | CVE-2006-6912 | SQL Injection vulnerability in PHPmyfaq SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | 7.5 |
| 2006-12-31 | CVE-2006-6880 | SQL Injection vulnerability in PHP-Update Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | 7.5 |
| 2006-12-31 | CVE-2006-6848 | SQL Injection vulnerability in Aspticker 1.0 SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | 7.5 |
| 2006-12-27 | CVE-2006-6747 | SQL Injection vulnerability in Dreaxteam Xt-News 0.1 SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | 7.5 |
| 2006-12-23 | CVE-2006-6706 | SQL Injection vulnerability in Soumu products SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | 6.5 |
| 2006-12-10 | CVE-2006-6402 | SQL Injection vulnerability in Mystats SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | 7.5 |
| 2006-12-07 | CVE-2006-6367 | SQL Injection vulnerability in Duware Dudownload, Dunews and Dupaypal Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. | 7.5 |
| 2006-12-07 | CVE-2006-6349 | SQL Injection vulnerability in PWP Technologies the Classified AD System Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 |