Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2011-01-13 | CVE-2010-3924 | SQL Injection vulnerability in Aimluck Aipo | SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2011-01-11 | CVE-2011-0407 | SQL Injection vulnerability in Phenotype-Cms Phenotype CMS 3.0 | SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. | 7.5 |
2011-01-07 | CVE-2010-4496 | SQL Injection vulnerability in Tibco Activecatalog and Collaborative Information Manager | Multiple SQL injection vulnerabilities in Collaborative Information Manager server, as used in TIBCO Collaborative Information Manager before 8.1.0 and ActiveCatalog before 1.0.1, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-30 | CVE-2010-4641 | SQL Injection vulnerability in Xwiki | SQL injection vulnerability in XWiki Enterprise before 2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-30 | CVE-2010-4639 | SQL Injection vulnerability in Intendance Mysource Matrix | SQL injection vulnerability in index.php in MySource Matrix allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2010-12-30 | CVE-2010-4638 | SQL Injection vulnerability in Iptechinside COM Jquarks4S 1.0.0 | SQL injection vulnerability in the submitSurvey function in controller.php in JQuarks4s (com_jquarks4s) component 1.0.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the q parameter in a submitSurvey action to index.php. | 6.8 |
2010-12-30 | CVE-2010-4636 | SQL Injection vulnerability in Site2Nite Business E-Listings | SQL injection vulnerability in detail.asp in Site2Nite Business e-Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2010-12-30 | CVE-2010-4635 | SQL Injection vulnerability in Site2Nite Vacation Rental Listings | SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental (VRBO) Listings allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2010-12-30 | CVE-2010-4633 | SQL Injection vulnerability in Sumeffect Digishop 2.0.2 | SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vulnerability than CVE-2005-4614.1. | 7.5 |
2010-12-30 | CVE-2010-4632 | SQL Injection vulnerability in Pilotcart Pilot Cart 7.3 | Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. | 7.5 |