Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-03-15 | CVE-2009-4709 | SQL Injection vulnerability in Dirk Maiwert Datamints Newsticker SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-03-15 | CVE-2009-4708 | SQL Injection vulnerability in Maximo Cuadros GB Fenewssubmit SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-03-15 | CVE-2009-4703 | SQL Injection vulnerability in Typo3 WS Gallery SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-03-15 | CVE-2009-4702 | SQL Injection vulnerability in Markus Barchfeld PM Tour SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-03-15 | CVE-2009-4701 | SQL Injection vulnerability in Liviu Mitrofan Myth Download 0.1.0 SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-03-15 | CVE-2009-4698 | SQL Injection vulnerability in Alexandre Amaral Xoops Celepar 1.0.1 Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php. | 7.5 |
| 2010-03-15 | CVE-2010-0122 | SQL Injection vulnerability in Timeclock-Software Employee Timeclock Software 0.99 Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php. | 7.5 |
| 2010-03-10 | CVE-2009-4696 | SQL Injection vulnerability in Radscripts Radnics 5 SQL injection vulnerability in index.php in RadNICS Gold 5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 7.5 |
| 2010-03-10 | CVE-2009-4695 | SQL Injection vulnerability in Radscripts Radlance 7.5 SQL injection vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action. | 7.5 |
| 2010-03-10 | CVE-2009-4691 | SQL Injection vulnerability in Resalecode Classified Linktrader Script SQL injection vulnerability in addlink.php in Classified Linktrader Script allows remote attackers to execute arbitrary SQL commands via the slctCategories parameter. | 7.5 |