Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTRIBUTES | RISK |
|---|---|---|---|---|---|
| 2013-08-20 | CVE-2013-5322 | SQL Injection vulnerability in JAN Bednarik Cooluri | SQL injection vulnerability in the CoolURI extension before 1.0.30 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; jan-bednarik, typo3; CWE-89 | 7.5 |
| 2013-08-20 | CVE-2013-5321 | SQL Injection vulnerability in Alienvault Open Source Security Information Management 4.1 | Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php. | network; low complexity; alienvault; CWE-89 | 7.5 |
| 2013-08-20 | CVE-2013-5318 | SQL Injection vulnerability in Benjamin Arnaudetr Ginkgocms 5.0 | SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php. | network; low complexity; benjamin-arnaudetr; CWE-89 | 7.5 |
| 2013-08-19 | CVE-2013-5311 | SQL Injection vulnerability in Vastal PHPvid 1.2.3 | Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. | network; low complexity; vastal; CWE-89 | 7.5 |
| 2013-08-16 | CVE-2013-5310 | SQL Injection vulnerability in Mauro Lorenzutti Wfqbe 1.3.1/2.0.0 | SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; mauro-lorenzutti, typo3; CWE-89 | 7.5 |
| 2013-08-16 | CVE-2013-5306 | SQL Injection vulnerability in Die-Netzmacher Browser 4.5.0/4.5.2 | SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; die-netzmacher, typo3; CWE-89 | 7.5 |
| 2013-08-16 | CVE-2013-5304 | SQL Injection vulnerability in Joachim Ruhs Locator | SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; joachim-ruhs, typo3; CWE-89 | 7.5 |
| 2013-08-16 | CVE-2013-5302 | SQL Injection vulnerability in Kennziffer KE Search | SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; kennziffer, typo3; CWE-89 | 7.5 |
| 2013-08-14 | CVE-2013-5121 | SQL Injection vulnerability in PHPfox 3.6.0 | SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/. | network; low complexity; phpfox; CWE-89 | 7.5 |
| 2013-08-14 | CVE-2013-5120 | SQL Injection vulnerability in PHPfox 3.6.0 | SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/. | network; low complexity; phpfox; CWE-89 | 7.5 |