Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-04-27 | CVE-2010-4797 | SQL Injection vulnerability in Truworthit Flex Timesheet. Multiple SQL injection vulnerabilities in the log-in form in Truworth Flex Timesheet allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. | 7.5 |
2011-04-27 | CVE-2010-4796 | SQL Injection vulnerability in PHPyun 1.1.6. Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) provinceid parameter to search.php and the (2) e parameter to resumeview.php. | 7.5 |
2011-04-27 | CVE-2010-4795 | SQL Injection vulnerability in Joomlaseller COM Jscalendar 1.5.1/1.5.4. SQL injection vulnerability in the JS Calendar (com_jscalendar) component 1.5.1 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the ev_id parameter in a details action to index.php. | 7.5 |
2011-04-27 | CVE-2010-4793 | SQL Injection vulnerability in Site2Nite Auto E-Manager. SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2011-04-27 | CVE-2010-4791 | SQL Injection vulnerability in Marcusg MG User Fotoalbum Panel 1.0.1. SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. | 7.5 |
2011-04-22 | CVE-2011-1686 | SQL Injection vulnerability in Bestpractical RT. Multiple SQL injection vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors, as demonstrated by reading data. | 6.5 |
2011-04-19 | CVE-2011-1722 | SQL Injection vulnerability in Webempoweredchurch WEC Discussion. Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | 7.5 |
2011-04-10 | CVE-2011-1667 | SQL Injection vulnerability in Xmedien Anzeigenmarkt 2011. SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows remote attackers to execute arbitrary SQL commands via the q parameter in a list action. | 7.5 |
2011-04-10 | CVE-2011-1663 | SQL Injection vulnerability in Icanlocalize Translation Management. SQL injection vulnerability in the Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-04-07 | CVE-2010-4784 | SQL Injection vulnerability in PHPwebscripts Easy Banner Free 2009.05.18. Multiple SQL injection vulnerabilities in member.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 6.8 |