Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2005-05-11 CVE-2005-1500 SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.3
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php.
network
low complexity
mywebland CWE-89
7.5
2005-05-02 CVE-2005-1017 SQL Injection vulnerability in Maxwebportal
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
network
low complexity
maxwebportal CWE-89
7.5
2005-04-27 CVE-2005-0413 SQL Injection vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php.
network
low complexity
myphp-forum CWE-89
7.5
2004-12-31 CVE-2004-2754 SQL Injection vulnerability in Yabb SE
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
network
low complexity
yabb CWE-89
7.5
2004-12-31 CVE-2004-2751 SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.722/0.723/0.726
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
6.8
2004-12-31 CVE-2004-2746 SQL Injection vulnerability in Pensacola web Designs Xtremeasp Photogallery 2.0
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
network
low complexity
pensacola-web-designs CWE-89
7.5
2004-12-31 CVE-2004-2737 SQL Injection vulnerability in Netsupport DNA Helpdesk 1.01
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
network
low complexity
netsupport CWE-89
7.5
2004-12-31 CVE-2004-2716 SQL Injection vulnerability in PHP Heaven PHPmychat 0.14.5
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters.
network
low complexity
php-heaven CWE-89
7.5
2004-12-31 CVE-2004-2695 SQL Injection vulnerability in multiple products
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter.
7.5
2004-12-31 CVE-2004-1553 SQL Injection vulnerability in Fullrevolution Aspwebalbum 3.2
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp.
network
low complexity
fullrevolution CWE-89
7.5