Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2005-12-14 | CVE-2005-4244 | SQL Injection vulnerability in Snipegallery Snipe Gallery | SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 |
2005-12-14 | CVE-2005-4228 | SQL Injection vulnerability in PHPwebgallery | Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. | 7.5 |
2005-12-13 | CVE-2005-4199 | SQL Injection vulnerability in Mybb 1.0 | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | 7.5 |
2005-12-13 | CVE-2005-4198 | SQL Injection vulnerability in Netref 3.0 | SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | 7.5 |
2005-12-13 | CVE-2005-4195 | SQL Injection vulnerability in multiple products | Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. | 7.5 |
2005-12-08 | CVE-2005-4073 | SQL Injection vulnerability in Cfmagic Magic List PRO | SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | 7.5 |
2005-12-08 | CVE-2005-4071 | SQL Injection vulnerability in Cfmagic Magic Forum Personal | Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | 7.5 |
2005-12-07 | CVE-2005-4058 | SQL Injection vulnerability in Saralblog 1/1Beta | SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. | 7.5 |
2005-12-06 | CVE-2005-4040 | SQL Injection vulnerability in Tawbaware Filelister | SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | 7.5 |
2005-12-05 | CVE-2005-4027 | SQL Injection vulnerability in Simplemedia Simplebbs 1.1 | SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | 7.5 |