Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2011-10-09 CVE-2010-4926 SQL Injection vulnerability in Timetrack COM Timetrack 1.2.4
SQL injection vulnerability in the TimeTrack (com_timetrack) component 1.2.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ct_id parameter in a timetrack action to index.php.
network
low complexity
timetrack joomla CWE-89
7.5
7.5
2011-10-09 CVE-2010-4925 SQL Injection vulnerability in Nuked-Klan Partenaires Module 1.5
SQL injection vulnerability in clic.php in the Partenaires module 1.5 for Nuked-Klan allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
nuked-klan CWE-89
7.5
7.5
2011-10-09 CVE-2010-4923 SQL Injection vulnerability in Virtuenetz Virtue Book Store
SQL injection vulnerability in book/detail.php in Virtue Netz Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the bid parameter.
network
low complexity
virtuenetz CWE-89
7.5
7.5
2011-10-09 CVE-2010-4922 SQL Injection vulnerability in Allinta CMS 22.07.2010
Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.
network
low complexity
allinta CWE-89
7.5
7.5
2011-10-08 CVE-2010-4921 SQL Injection vulnerability in Dmxready Polling Booth Manager
SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady Polling Booth Manager allows remote attackers to execute arbitrary SQL commands via the QuestionID parameter in a results action.
network
low complexity
dmxready CWE-89
7.5
7.5
2011-10-08 CVE-2010-4920 SQL Injection vulnerability in Micronetsoft Rental Property Website 1.0
SQL injection vulnerability in detail.asp in Micronetsoft Rental Property Management Website 1.0 allows remote attackers to execute arbitrary SQL commands via the ad_ID parameter.
network
low complexity
micronetsoft CWE-89
7.5
7.5
2011-10-08 CVE-2010-4919 SQL Injection vulnerability in Micronetsoft RV Dealer Website 1.0
SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer Website 1.0 allows remote attackers to execute arbitrary SQL commands via the vehicletypeID parameter.
network
low complexity
micronetsoft CWE-89
7.5
7.5
2011-10-08 CVE-2010-4917 SQL Injection vulnerability in A-Blog 2.0
SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows remote attackers to execute arbitrary SQL commands via the words parameter.
network
low complexity
a-blog CWE-89
7.5
7.5
2011-10-08 CVE-2010-4916 SQL Injection vulnerability in Coldgen Coldusergroup 1.06
Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.
network
low complexity
coldgen CWE-89
7.5
7.5
2011-10-08 CVE-2010-4915 SQL Injection vulnerability in Coldgen Coldbookmarks 1.22
SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 allows remote attackers to execute arbitrary SQL commands via the BookmarkID parameter in an EditBookmark action.
network
low complexity
coldgen CWE-89
7.5
7.5