Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-09-24 | CVE-2010-3604 | SQL Injection vulnerability in Alex Kellner Powermail SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2010-09-24 | CVE-2010-3601 | SQL Injection vulnerability in Invisionpower Ibphotohost 1.1.2 SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter. | 7.5 |
| 2010-09-22 | CVE-2010-3485 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the userhandle cookie to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
| 2010-09-22 | CVE-2010-3484 | SQL Injection vulnerability in Lightneasy 3.2.1 SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows remote attackers to execute arbitrary SQL commands via the handle parameter to LightNEasy.php, a different vector than CVE-2008-6593. | 7.5 |
| 2010-09-22 | CVE-2010-3482 | SQL Injection vulnerability in Bouzouste Primitive CMS 1.0.9 Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. | 6.5 |
| 2010-09-22 | CVE-2010-3481 | SQL Injection vulnerability in Apphp PHP Microcms 1.0.1 Multiple SQL injection vulnerabilities in login.php in ApPHP PHP MicroCMS 1.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user_name and (2) password variables, possibly related to include/classes/Login.php. | 6.8 |
| 2010-09-22 | CVE-2010-3479 | SQL Injection vulnerability in Boutikone 1.0 SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |
| 2010-09-22 | CVE-2009-5003 | SQL Injection vulnerability in E-Soft24 Banner Exchange Script 1.0 SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter. | 7.5 |
| 2010-09-17 | CVE-2010-3467 | SQL Injection vulnerability in E-Xoopport Samsara 3.0/3.1 SQL injection vulnerability in modules/sections/index.php in E-Xoopport Samsara 3.1 and earlier, when the Tutorial module is enabled, allows remote attackers to execute arbitrary SQL commands via the secid parameter in a listarticles action. | 6.8 |
| 2010-09-17 | CVE-2010-3461 | SQL Injection vulnerability in Endonesia 8.4 SQL injection vulnerability in the Publisher module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printarticle action to mod.php, a different vector than CVE-2007-3394. | 7.5 |