Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2014-03-14 CVE-2014-2323 SQL Injection vulnerability in multiple products
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
network
low complexity
lighttpd debian opensuse suse CWE-89
critical
 9.8
9.8
2008-08-12 CVE-2008-3604 SQL Injection vulnerability in Zeescripts Zeebuddy 2.1
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
network
low complexity
zeescripts CWE-89
critical
 9.8
9.8