Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2009-09-15 CVE-2009-3125 SQL Injection vulnerability in Mozilla Bugzilla
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
RISK: network | low complexity | mozilla CWE-89 | 7.5

2009-09-15 CVE-2009-3193 SQL Injection vulnerability in Uwix COM Digifolio 1.52
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
RISK: network | low complexity | joomla uwix CWE-89 | 7.5

2009-09-15 CVE-2009-3190 SQL Injection vulnerability in Pad-Site-Scripts PAD Site Scripts 3.6
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
RISK: network | low complexity | pad-site-scripts CWE-89 | 7.5

2009-09-15 CVE-2009-3185 SQL Injection vulnerability in Comsenz Crazy Star Plugin 2.0
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
RISK: network | low complexity | comsenz CWE-89 | 7.5

2009-09-14 CVE-2008-7226 SQL Injection vulnerability in PHP-Nuke Recipe Module 1.3/1.4
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
RISK: network | low complexity | php-nuke phpnuke CWE-89 | 7.5

2009-09-11 CVE-2009-3175 SQL Injection vulnerability in Boldfx Model Agency Manager PRO
Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php.
RISK: network | low complexity | boldfx CWE-89 | 7.5

2009-09-11 CVE-2008-7210 SQL Injection vulnerability in Ming HAN Ajchat 0.10
directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset.
RISK: network | low complexity | ming-han CWE-89 | 7.5

2009-09-11 CVE-2008-7208 SQL Injection vulnerability in Insane Visions Onecms
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
RISK: 6.8

2009-09-10 CVE-2009-3154 SQL Injection vulnerability in Almondsoft COM Aclassf 7.5
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
RISK: network | low complexity | joomla almondsoft CWE-89 | 7.5

2009-09-10 CVE-2009-3150 SQL Injection vulnerability in Multi-Website Multi Website 1.5
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
RISK: network | low complexity | multi-website CWE-89 | 7.5