Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-03-30 | CVE-2006-1500 | SQL Injection vulnerability in Tilde CMS 3.0 | SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-03-28 | CVE-2006-1423 | SQL Injection vulnerability in Ubbcentral Ubb.Threads | SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter. | 5.0 |
2006-03-23 | CVE-2006-1360 | SQL Injection vulnerability in Musicbox 2.3Beta2 | Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php. | 7.5 |
2006-03-21 | CVE-2006-1330 | SQL Injection vulnerability in PHPwebsite 0.7.3/0.8.2/0.8.3 | Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php. | 7.5 |
2006-03-19 | CVE-2006-1278 | SQL Injection vulnerability in Upoint @1 File Store 2006.03.07 | SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. | 6.8 |
2006-03-07 | CVE-2006-1049 | SQL Injection vulnerability in Joomla | Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-03-07 | CVE-2006-1018 | SQL Injection vulnerability in Dci-Designs Dawaween 1.03 | SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | 7.5 |
2006-03-06 | CVE-2006-1006 | SQL Injection vulnerability in Sendcard | Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | 7.5 |
2006-03-02 | CVE-2006-0961 | SQL Injection vulnerability in Cilem Haber 1.1 | SQL injection vulnerability in yazdir.asp in Cilem Haber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. | 7.5 |
2006-03-02 | CVE-2006-0959 | SQL Injection vulnerability in Mybulletinboard 1.0.3/1.0.4 | SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. | 7.5 |