Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-04-06 | CVE-2010-1270 | SQL Injection vulnerability in PHPscripte24 Multi Auktions Komplett System 2: SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | 7.5 |
2010-04-06 | CVE-2010-1269 | SQL Injection vulnerability in PHPscripte24 Niedrig Gebote PRO Auktions System II: SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. | 7.5 |
2010-04-06 | CVE-2010-1265 | SQL Injection vulnerability in Ekith COM DCS Flashgames 2.0: SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | 7.5 |
2010-03-27 | CVE-2010-1134 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware: SQL injection vulnerability in the _find function in searchlib.php in TikiWiki CMS/Groupware 3.x before 3.5 allows remote attackers to execute arbitrary SQL commands via the $searchDate variable. | 7.5 |
2010-03-27 | CVE-2010-1133 | SQL Injection vulnerability in Tiki Tikiwiki Cms/Groupware 4.0/4.1: Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x before 4.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to (1) tiki-searchindex.php and (2) tiki-searchresults.php. | 7.5 |
2010-03-26 | CVE-2009-4751 | SQL Injection vulnerability in PHPpower Swinger Club Portal: SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action. | 7.5 |
2010-03-26 | CVE-2009-4749 | SQL Injection vulnerability in PHPlivesupport PHP Live! 3.2.1/3.2.2: Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php. | 7.5 |
2010-03-26 | CVE-2009-4748 | SQL Injection vulnerability in Andrew Charlton MY Category Order: SQL injection vulnerability in mycategoryorder.php in the My Category Order plugin 2.8 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the parentID parameter in an act_OrderCategories action to wp-admin/post-new.php. | 7.5 |
2010-03-26 | CVE-2009-4745 | SQL Injection vulnerability in Dreamlevels Dreampoll 3.1: Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action. | 7.5 |
2010-03-26 | CVE-2009-4742 | SQL Injection vulnerability in Docebo 3.6.0.3: Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the word parameter in a play help action to the faq module, reachable through index.php; (2) the word parameter in a play keyw action to the link module, reachable through index.php; (3) the id_certificate parameter in an elemmetacertificate action to the meta_certificate module, reachable through index.php; or (4) the id_certificate parameter in an elemcertificate action to the certificate module, reachable through index.php. | 7.5 |