Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2009-09-30 | CVE-2009-3501 | SQL Injection vulnerability in Bpowerhouse Bpstudents 1.0 | SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action. | network | low complexity | bpowerhouse | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3500 | SQL Injection vulnerability in Bpowerhouse Bpgames 1.0 | Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php. | network | low complexity | bpowerhouse | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3499 | SQL Injection vulnerability in Bpowerhouse Bplawyercasedocuments 1.0 | SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | network | low complexity | bpowerhouse | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3498 | SQL Injection vulnerability in Hbcms 1.7 | SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | network | | hbcms | CWE-89 | 6.8 |
| 2009-09-30 | CVE-2009-3497 | SQL Injection vulnerability in Vastal Agent Zone | SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | network | low complexity | vastal | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3495 | SQL Injection vulnerability in Vastal DVD Zone | SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | network | low complexity | vastal | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3494 | SQL Injection vulnerability in Todor Lazarov T-Htb Manager 0.5 | Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | | | | | 6.8 |
| 2009-09-30 | CVE-2009-3491 | SQL Injection vulnerability in Kinfusion COM Sportfusion 0.2.2/0.2.3 | SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | network | low complexity | joomla kinfusion | CWE-89 | 7.5 |
| 2009-09-30 | CVE-2009-3480 | SQL Injection vulnerability in Isygen Icrm Basic 1.4.2.31 | SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. | network | low complexity | isygen joomla | CWE-89 | 7.5 |
| 2009-09-28 | CVE-2009-3446 | SQL Injection vulnerability in Rick Estrada COM Mytube 1.0Beta | SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. | network | low complexity | rick-estrada joomla | CWE-89 | 7.5 |