Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-12-07 | CVE-2010-4257 | SQL Injection vulnerability in Wordpress: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. | 6.0 |
2010-12-06 | CVE-2010-4404 | SQL Injection vulnerability in Anything-Digital Sh404Sef: SQL injection vulnerability in the Yannick Gaultier sh404SEF component before 2.1.8.777 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-12-06 | CVE-2010-4400 | SQL Injection vulnerability in Dynpg 4.2.0: SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows remote attackers to execute arbitrary SQL commands via the giveRights_UserId parameter. | 7.5 |
2010-12-02 | CVE-2010-4280 | SQL Injection vulnerability in Artica Pandora FMS: Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the id_group parameter in an operation/agentes/ver_agente action to ajax.php or (2) the group_id parameter in an operation/agentes/estado_agente action to index.php, related to operation/agentes/estado_agente.php. | 7.5 |
2010-12-02 | CVE-2010-3267 | SQL Injection vulnerability in Ifdefined Bugtracker.Net: Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the qu_id parameter to bugs.aspx, (2) the row_id parameter to delete_query.aspx, the (3) new_project or (4) us_id parameter to edit_bug.aspx, or (5) the bug_list parameter to massedit.aspx. | 6.5 |
2010-12-01 | CVE-2010-4365 | SQL Injection vulnerability in Harmistechnology COM Jeajaxeventcalendar: SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | 7.5 |
2010-12-01 | CVE-2010-4363 | SQL Injection vulnerability in Mrcgiguy Freeticket 1.0.0: Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY (MCG) FreeTicket 1.0.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) email parameters in a showtickets action. | 6.8 |
2010-12-01 | CVE-2010-4362 | SQL Injection vulnerability in Micronetsoft RV Dealer Website: Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer Website allow remote attackers to execute arbitrary SQL commands via the (1) selStock parameter to search.asp and the (2) orderBy parameter to showAlllistings.asp. | 7.5 |
2010-12-01 | CVE-2010-4360 | SQL Injection vulnerability in Jurpo Jurpopage 0.2.0: Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. | 7.5 |
2010-12-01 | CVE-2010-4359 | SQL Injection vulnerability in Jurpo Jurpopage 0.2.0: SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |