Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-19 | CVE-2006-3064 | SQL Injection vulnerability in Coppermine Photo Gallery 1.4.8: SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers. | 7.5 |
2006-06-16 | CVE-2006-3048 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware: SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-06-12 | CVE-2006-2977 | SQL Injection vulnerability in Mafia Moblog Mafia Moblog: SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
2006-06-12 | CVE-2006-2973 | SQL Injection vulnerability in PHP Lite Calendar Express 2.2: Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. | 7.5 |
2006-06-02 | CVE-2006-2760 | SQL Injection vulnerability in Warpspeed 4Nforum 0.91: SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | 7.5 |
2006-05-16 | CVE-2006-2416 | SQL Injection vulnerability in E107: SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. | 5.1 |
2006-05-15 | CVE-2006-2363 | SQL Injection vulnerability in Limbo CMS Limbo CMS 1.0.4.2: SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 5.1 |
2006-05-11 | CVE-2006-2301 | SQL Injection vulnerability in Ozzywork Galeri 2.0: SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields. | 7.5 |
2006-05-09 | CVE-2006-2268 | SQL Injection vulnerability in Flexcustomer 0.0.1/0.0.4: SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. | 7.5 |
2006-05-09 | CVE-2006-2259 | SQL Injection vulnerability in Maxxcode Maxxschedule 1.0: SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter. | 7.5 |