Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-07 | CVE-2006-6337 | SQL Injection vulnerability in Aspindir Aspee Ziyaretci Defteri | network, low complexity, 7.5
Description: Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
Tags: aspindir, CWE-89

2006-11-28 | CVE-2006-6157 | SQL Injection vulnerability in Michaelis Freunde Contentnow | network, low complexity, 7.5
Description: SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
Tags: michaelis-freunde, CWE-89

2006-11-24 | CVE-2006-6095 | SQL Injection vulnerability in Dotnetindex Active News Manager | network, low complexity, 7.5
Description: Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp.
Tags: dotnetindex, CWE-89

2006-11-24 | CVE-2006-6073 | SQL Injection vulnerability in Enthrallweb Eshopping Cart | network, low complexity, 7.5
Description: Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
Tags: enthrallweb, CWE-89

2006-11-22 | CVE-2006-6048 | SQL Injection vulnerability in Etomite 0.6.1.2 | network, 6.8
Description: SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tags: etomite, CWE-89

2006-11-22 | CVE-2006-6038 | SQL Injection vulnerability in Powie Pforum | network, low complexity, 7.5
Description: SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Tags: powie, CWE-89

2006-11-10 | CVE-2006-5829 | SQL Injection vulnerability in Aiocp | network, 6.8
Description: Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/code/cp_newsletter.php; (4) links_category parameter to public/code/cp_links.php; (5) product_category_id parameter to public/code/cp_show_ec_products.php; (6) order_field parameter to public/code/cp_show_ec_products.php; (7) firstrow parameter to public/code/cp_users_online.php; and (8) orderdir parameter to public/code/cp_links_search.php.
Tags: aiocp, CWE-89

2006-10-31 | CVE-2006-5629 | SQL Injection vulnerability in Hosting Controller Hosting Controller | network, low complexity, 7.5
Description: Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp.
Tags: hosting-controller, CWE-89

2006-10-31 | CVE-2006-5606 | SQL Injection vulnerability in Bytesfall Explorer Bytesfall Explorer | network, low complexity, 7.5
Description: Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.
Tags: bytesfall-explorer, CWE-89

2006-10-12 | CVE-2006-5242 | SQL Injection vulnerability in Etomite 0.6 | network, low complexity, 7.5
Description: SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Tags: etomite, CWE-89