Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-10 | CVE-2006-5221 | SQL Injection vulnerability in Cahier DE Textes Cahier DE Textes 2.0<br>Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php. | 7.5 |
2006-09-14 | CVE-2006-4785 | SQL Injection vulnerability in Moodle<br>SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int. | 7.5 |
2006-09-13 | CVE-2006-4756 | SQL Injection vulnerability in Accomplishtechnology PHPmydirectory<br>SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. | 7.5 |
2006-09-13 | CVE-2006-4736 | SQL Injection vulnerability in Cms.R. 5.5<br>Multiple SQL injection vulnerabilities in index.php in CMS.R. | 7.5 |
2006-09-13 | CVE-2006-4734 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.4<br>Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters. | 7.5 |
2006-09-06 | CVE-2006-4564 | SQL Injection vulnerability in Simplemachines SMF 1.1<br>SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. | 5.1 |
2006-08-17 | CVE-2006-4214 | SQL Injection vulnerability in ZEN Cart ZEN Cart<br>Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to a shopping cart, or (5) a redemption code when checking out (dc_redeem_code parameter to includes/modules/order_total/ot_coupon.php). | 7.5 |
2006-08-10 | CVE-2006-4064 | SQL Injection vulnerability in Yenerturk Haber Script 1.0/2.0<br>SQL injection vulnerability in default.asp in YenerTurk Haber Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-09 | CVE-2006-4042 | SQL Injection vulnerability in Mywebland Mybloggie<br>Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters. | 7.5 |
2006-08-09 | CVE-2006-4039 | SQL Injection vulnerability in Chaossoft Gaestechaos<br>Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) gastname, (2) gastwohnort, or (3) gasteintrag parameters. | 7.5 |