Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2011-04-07 CVE-2010-4782 SQL Injection vulnerability in Softwebsnepal Ananda Real Estate 3.4
Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) city, (2) state, (3) country, (4) minprice, (5) maxprice, (6) bed, and (7) bath parameters, different vectors than CVE-2006-6807.
network
low complexity
softwebsnepal CWE-89
7.5
2011-04-07 CVE-2010-4780 SQL Injection vulnerability in Enanocms Enano CMS
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php.
network
low complexity
enanocms CWE-89
7.5
2011-04-04 CVE-2011-1557 SQL Injection vulnerability in Icloudcenter Icjobsite 1.1
SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter to an unspecified component, a different vulnerability than CVE-2011-1546.
network
low complexity
icloudcenter CWE-89
7.5
2011-04-04 CVE-2011-1556 SQL Injection vulnerability in Aphpkb 0.95.4
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
network
aphpkb CWE-89
6.8
2011-04-04 CVE-2011-1555 SQL Injection vulnerability in Aphpkb
SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.3 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter, a different vulnerability than CVE-2011-1546.
network
aphpkb CWE-89
6.8
2011-04-04 CVE-2011-1546 SQL Injection vulnerability in Aphpkb
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php.
network
low complexity
aphpkb CWE-89
7.5
2011-03-23 CVE-2010-4776 SQL Injection vulnerability in Preprojects PRE Online Tests Generator
SQL injection vulnerability in takefreestart.php in PreProjects Pre Online Tests Generator Pro allows remote attackers to execute arbitrary SQL commands via the tid2 parameter.
network
low complexity
preprojects CWE-89
7.5
2011-03-23 CVE-2010-4774 SQL Injection vulnerability in Auracms 1.62
SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-4804 and CVE-2007-4171.
network
low complexity
auracms CWE-89
7.5
2011-03-23 CVE-2010-4771 SQL Injection vulnerability in Matteoiammarrone S-Cms 2.5
SQL injection vulnerability in viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
matteoiammarrone CWE-89
7.5
2011-03-23 CVE-2010-4770 SQL Injection vulnerability in Commodityrentals DVD Rentals Script
SQL injection vulnerability in index.php in CommodityRentals DVD Rentals Script allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a catalog action.
network
low complexity
commodityrentals CWE-89
7.5