Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-30 | CVE-2009-3494 | SQL Injection vulnerability in Todor Lazarov T-Htb Manager 0.5: Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | 6.8 |
2009-09-30 | CVE-2009-3491 | SQL Injection vulnerability in Kinfusion COM Sportfusion 0.2.2/0.2.3: SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | 7.5 |
2009-09-30 | CVE-2009-3480 | SQL Injection vulnerability in Isygen Icrm Basic 1.4.2.31: SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. | 7.5 |
2009-09-28 | CVE-2009-3446 | SQL Injection vulnerability in Rick Estrada COM Mytube 1.0Beta: SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. | 7.5 |
2009-09-28 | CVE-2009-3443 | SQL Injection vulnerability in Fastballproductions COM Fastball 1.1.0/1.2: SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. | 7.5 |
2009-09-28 | CVE-2009-3439 | SQL Injection vulnerability in Alienvault Ossim 1.0.4/1.0.6/2.1: Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | 6.5 |
2009-09-28 | CVE-2009-3438 | SQL Injection vulnerability in Witchakorn Kamolpornwijit COM Facebook: SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php. | 7.5 |
2009-09-28 | CVE-2009-3436 | SQL Injection vulnerability in Maxwebportal: Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID or (2) CAT_ID parameter. | 7.5 |
2009-09-28 | CVE-2009-3434 | SQL Injection vulnerability in Onestopjoomla COM Tupinambis 1.0: SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | 7.5 |
2009-09-25 | CVE-2009-3430 | SQL Injection vulnerability in Allomani Mobile 2.5: SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 7.5 |