Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-10-08 | CVE-2009-3595 | SQL Injection vulnerability in Vspanel VS Panel 7.5.5 SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590. | 7.5 |
2009-10-08 | CVE-2009-3590 | SQL Injection vulnerability in Vspanel VS Panel 7.3.6 SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. | 7.5 |
2009-10-02 | CVE-2009-3543 | SQL Injection vulnerability in Phenotype-Cms Phenotype CMS SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name). | 7.5 |
2009-10-02 | CVE-2009-3533 | SQL Injection vulnerability in John Beranek Meeting Room Booking System SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. | 7.5 |
2009-10-02 | CVE-2009-3532 | SQL Injection vulnerability in Logrover 2.3/2.3.3 Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. | 7.5 |
2009-10-02 | CVE-2009-3531 | SQL Injection vulnerability in Universe CMS 1.0.6 SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-10-02 | CVE-2009-3529 | SQL Injection vulnerability in Radscripts Radbids 4 SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074. | 6.8 |
2009-10-02 | CVE-2009-3528 | SQL Injection vulnerability in Al4Us Mymsg 1.0.3 SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action. | 6.5 |
2009-10-01 | CVE-2009-3514 | SQL Injection vulnerability in Marcin Manek D.Net CMS Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php. | 6.5 |
2009-10-01 | CVE-2009-3510 | SQL Injection vulnerability in Dataspheric Linkspheric 0.74 SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. | 7.5 |