Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2003-12-31 | CVE-2003-1340 | SQL Injection vulnerability in PHPnuke PHP-Nuke 5.6/6.5 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279. | 6.5 |
| 2003-12-31 | CVE-2003-1244 | SQL Injection vulnerability in PHPbb Group PHPbb 2.0.0/2.0.1/2.0.2 SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | 7.5 |
| 2003-11-17 | CVE-2003-0845 | SQL Injection vulnerability in Jboss 3.0.8/3.2.1 Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | 7.5 |
| 2003-06-16 | CVE-2003-0286 | SQL Injection vulnerability in Snitz Communications Snitz Forums 2000 SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable. | 7.5 |
| 2002-12-31 | CVE-2002-2391 | SQL Injection vulnerability in multiple products SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter. | 7.5 |
| 2002-12-31 | CVE-2002-2383 | SQL Injection vulnerability in F2Html.Pl SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names. | 7.5 |
| 2002-12-31 | CVE-2002-2305 | SQL Injection vulnerability in PHPsecure.Org Immobilier 1.0 SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | 7.5 |
| 2002-12-31 | CVE-2002-2304 | SQL Injection vulnerability in Myphpsoft Myphplinks 2.1.9/2.2.0 SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter. | 7.5 |
| 2002-12-31 | CVE-2002-2277 | SQL Injection vulnerability in Portail web PHP Portail web PHP 0.99 SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables. | 7.5 |
| 2002-12-31 | CVE-2002-2252 | SQL Injection vulnerability in Atthat.Com Thatware SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter. | 7.5 |