Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2010-12-29 | CVE-2010-4619 | SQL Injection vulnerability in Webscripti Mafya Oyun Scrpti | SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka Mafia Game Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | network; low complexity; webscripti CWE-89; 7.5 |
| 2010-12-29 | CVE-2010-4615 | SQL Injection vulnerability in Iskenderaltuntas OTO Galeri Sistemi 1.0 | Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) arac parameter to carsdetail.asp and the (2) marka parameter to twohandscars.asp. | network; low complexity; iskenderaltuntas CWE-89; 7.5 |
| 2010-12-29 | CVE-2010-4614 | SQL Injection vulnerability in Mhproducts ERO Auktion 2010 | SQL injection vulnerability in item.php in Ero Auktion 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-0723. | network; low complexity; mhproducts CWE-89; 7.5 |
| 2010-12-29 | CVE-2010-4612 | SQL Injection vulnerability in Hycus CMS 1.0.3 | Multiple SQL injection vulnerabilities in index.php in Hycus CMS 1.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) usr_email parameters to user/1/hregister.html, (3) usr_email parameter to user/1/hlogin.html, (4) useremail parameter to user/1/forgotpass.html, and the (5) q parameter to search/1.html. | network; hycus CWE-89; 6.8 |
| 2010-12-29 | CVE-2010-4609 | SQL Injection vulnerability in Html-Edit CMS 3.1.8 | SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to execute arbitrary SQL commands via the nuser parameter in a registrate action. | network; low complexity; html-edit CWE-89; 7.5 |
| 2010-12-09 | CVE-2010-4517 | SQL Injection vulnerability in Harmistechnology COM Jeauto 1.0 | SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the char parameter in an item action to index.php. | 6.8 |
| 2010-12-09 | CVE-2010-3922 | SQL Injection vulnerability in Sixapart Movabletype | SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | network; low complexity; sixapart CWE-89; 7.5 |
| 2010-12-08 | CVE-2010-4505 | SQL Injection vulnerability in Injader 2.4.4 | Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) un and (2) pw parameters. | network; injader CWE-89; 6.8 |
| 2010-12-08 | CVE-2010-4503 | SQL Injection vulnerability in Aigaion 1.3.4 | SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action. | network; low complexity; aigaion CWE-89; 7.5 |
| 2010-12-08 | CVE-2010-4500 | SQL Injection vulnerability in Mrcgiguy Freeticket 1.0.0 | Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) subject, and (4) message parameters in a sendmess action. | network; mrcgiguy CWE-89; 6.8 |