Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-23 | CVE-2009-3314 | SQL Injection vulnerability in Eliteladders Elite Gaming Ladders 3.2: SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter. | 7.5 |
2009-09-23 | CVE-2009-3313 | SQL Injection vulnerability in Fmyclone 2.3: Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php. | 6.5 |
2009-09-23 | CVE-2009-3310 | SQL Injection vulnerability in Shalwan Zainu 1.0: SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | 7.5 |
2009-09-23 | CVE-2009-3309 | SQL Injection vulnerability in Cfshopkart CF Shopkart 5.4: SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320. | 7.5 |
2009-09-23 | CVE-2009-3308 | SQL Injection vulnerability in Fanupdate 2.2.1: SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | 7.5 |
2009-09-18 | CVE-2009-3259 | SQL Injection vulnerability in Thomas Cuchta Rash 1.2.2: Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. | 7.5 |
2009-09-18 | CVE-2009-3255 | SQL Injection vulnerability in Thomas Cuchta Rash: SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. | 6.8 |
2009-09-18 | CVE-2009-3252 | SQL Injection vulnerability in Dave Robinson Rockbandcms 0.10: Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters. | 7.5 |
2009-09-18 | CVE-2009-3246 | SQL Injection vulnerability in Mybuxscript Pts-Bux: SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. | 7.5 |
2009-09-16 | CVE-2009-3226 | SQL Injection vulnerability in Almondsoft Affiliate Network Classifieds and Almond Classifieds: SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. | 7.5 |