Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2011-01-20 | CVE-2011-0519 | SQL Injection vulnerability in Gallarific PHP Photo Gallery Script 2.1 | SQL injection vulnerability in gallery.php in Gallarific PHP Photo Gallery script 2.1 and possibly other versions allows remote attackers to execute arbitrary SQL commands via the id parameter. | network, low complexity, gallarific, CWE-89, 7.5 |
| 2011-01-20 | CVE-2011-0516 | SQL Injection vulnerability in Epromptc Betmore Site Suite 4.0/4.2.0 | SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site Suite 4.0 through 4.2.0 allows remote attackers to execute arbitrary SQL commands via the bid parameter. | network, low complexity, epromptc, CWE-89, 7.5 |
| 2011-01-20 | CVE-2011-0512 | SQL Injection vulnerability in Jikaka Teams Structure Module 3.0 | SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter. | 6.8 |
| 2011-01-20 | CVE-2011-0511 | SQL Injection vulnerability in Joomtraders COM Allcinevid 1.0.0 | SQL injection vulnerability in the allCineVid component (com_allcinevid) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | network, low complexity, joomtraders, joomla, CWE-89, 7.5 |
| 2011-01-20 | CVE-2011-0510 | SQL Injection vulnerability in Awbs Advanced Webhost Billing System | SQL injection vulnerability in cart.php in Advanced Webhost Billing System (AWBS) 2.9.2 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the oid parameter in an add_other action. | network, low complexity, awbs, CWE-89, 7.5 |
| 2011-01-20 | CVE-2010-4703 | SQL Injection vulnerability in Hotwebscripts Hotweb Rentals | SQL injection vulnerability in default.asp in HotWebScripts HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PageId parameter. | network, low complexity, hotwebscripts, CWE-89, 7.5 |
| 2011-01-20 | CVE-2010-4702 | SQL Injection vulnerability in Fxwebdesign COM Jradio | SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network, low complexity, fxwebdesign, joomla, CWE-89, 7.5 |
| 2011-01-18 | CVE-2010-4700 | SQL Injection vulnerability in PHP 5.3.2/5.3.3 | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions. | network, php, CWE-89, 6.8 |
| 2011-01-18 | CVE-2010-4696 | SQL Injection vulnerability in Joomla Joomla! | Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 allow remote attackers to execute arbitrary SQL commands via the (1) filter_order or (2) filter_order_Dir parameter in a com_contact action to index.php, a different vulnerability than CVE-2010-4166. | network, low complexity, joomla, CWE-89, 7.5 |
| 2011-01-14 | CVE-2010-0115 | SQL Injection vulnerability in Symantec web Gateway | SQL injection vulnerability in login.php in the GUI management console in Symantec Web Gateway 4.5 before 4.5.0.376 allows remote attackers to execute arbitrary SQL commands via the USERNAME parameter. | network, low complexity, symantec, CWE-89, 7.5 |