Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2010-03-19 CVE-2010-1013 SQL Injection vulnerability in Fr.Simon Rundell PD Diocesedatabase
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
fr-simon-rundell typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1012 SQL Injection vulnerability in Mathias Schreiber NF Cleandb
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mathias-schreiber typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1010 SQL Injection vulnerability in Matthias Kall MK Wastebasket
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
matthias-kall typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1009 SQL Injection vulnerability in Joachim-Ruhs Educator 0.1.5
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joachim-ruhs typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1006 SQL Injection vulnerability in Typo3 Brainstorming
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1004 SQL Injection vulnerability in Mischa Heimann Yatse
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mischa-heimann typo3 CWE-89
7.5
7.5
2010-03-18 CVE-2009-4735 SQL Injection vulnerability in Allomani Audio & Video Library 2.7.0
SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
network
low complexity
allomani CWE-89
7.5
7.5
2010-03-18 CVE-2009-4734 SQL Injection vulnerability in Allomani Movies Library 2.7.0
SQL injection vulnerability in login.php in Allomani Movies Library (Movies & Clips) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
network
low complexity
allomani CWE-89
7.5
7.5
2010-03-18 CVE-2009-4733 SQL Injection vulnerability in Supercrackmunkey Simpleloginsys 0.5
SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. 		6.8
6.8
2010-03-18 CVE-2009-4732 SQL Injection vulnerability in Technotoad TT web Site Manager 0.5
SQL injection vulnerability in tt/index.php in TT Web Site Manager 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tt_name parameter.
network
technotoad CWE-89
6.8
6.8