Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE CVE VULNERABILITY TITLE RISK
2009-09-03 CVE-2009-3062 SQL Injection vulnerability in PHPlivesupport. PHPlive! 3.3
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
network
low complexity
phplivesupport CWE-89
7.5
7.5
2009-09-03 CVE-2009-3061 SQL Injection vulnerability in Alqa6Ari Script Q R 1.0
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
alqa6ari CWE-89
7.5
7.5
2009-09-03 CVE-2009-3059 SQL Injection vulnerability in Allpublication Jboard
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
network
low complexity
allpublication CWE-89
7.5
7.5
2009-09-03 CVE-2009-3054 SQL Injection vulnerability in Artetics COM Artportal 1.0
SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php.
network
low complexity
joomla artetics CWE-89
7.5
7.5
2009-09-03 CVE-2009-3052 SQL Injection vulnerability in Absoluteanime Prime Quick Style 1.2.3
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.
network
low complexity
phpbb absoluteanime CWE-89
6.5
6.5
2009-09-02 CVE-2008-7153 SQL Injection vulnerability in Docebo
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header.
network
low complexity
docebo CWE-89
7.5
7.5
2009-09-01 CVE-2008-7145 SQL Injection vulnerability in Coronamatrix PHPaddressbook 2.0
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
network
low complexity
coronamatrix CWE-89
7.5
7.5
2009-08-28 CVE-2008-7120 SQL Injection vulnerability in Mrcgiguy HOT Links Sql-PHP
SQL injection vulnerability in Mr.
network
low complexity
mrcgiguy CWE-89
7.5
7.5
2009-08-28 CVE-2008-7119 SQL Injection vulnerability in Webidsupport Webid 0.5.4
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
low complexity
webidsupport CWE-89
7.5
7.5
2009-08-28 CVE-2008-7116 SQL Injection vulnerability in Webidsupport Webid 0.5.4
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
network
low complexity
webidsupport CWE-89
7.5
7.5