Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-05 | CVE-2005-4011 | SQL Injection vulnerability in Codewalkers Ltwcalendar SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2005-12-05 | CVE-2005-3996 | SQL Injection vulnerability in Zen-Cart ZEN Cart SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 |
| 2005-12-04 | CVE-2005-3984 | SQL Injection vulnerability in Webcalendar 1.0.1 SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. | 7.5 |
| 2005-12-01 | CVE-2005-3952 | SQL Injection vulnerability in PHP Labs TOP Auction 1.0 SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. | 7.5 |
| 2005-11-29 | CVE-2005-3881 | SQL Injection vulnerability in Altantisfaq Altantis Knowledge Base Software SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 |
| 2005-11-29 | CVE-2005-3877 | SQL Injection vulnerability in Cafuego Simple Document Management System 1.1.4/1.1.5/1.1.6 Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | 7.5 |
| 2005-11-26 | CVE-2005-3845 | SQL Injection vulnerability in Ezinvoiceinc EZ Invoice INC 2.0 SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. | 7.5 |
| 2005-11-26 | CVE-2005-3840 | SQL Injection vulnerability in Omnistar Interactive Omnistar Live SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. | 7.5 |
| 2005-11-26 | CVE-2005-3817 | SQL Injection vulnerability in Softbiz web Hosting Directory Script Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | 7.5 |
| 2005-11-22 | CVE-2005-3748 | SQL Injection vulnerability in Tru-Zone Nukeet 3.0/3.1/3.2 SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | 7.5 |