Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-27 | CVE-2009-2978 | SQL Injection vulnerability in Sugarcrm SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-08-26 | CVE-2008-7091 | SQL Injection vulnerability in Pligg CMS Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | 7.5 |
2009-08-26 | CVE-2008-7085 | SQL Injection vulnerability in Thehockeystop Hockeystats Online 2.0 Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. | 7.5 |
2009-08-25 | CVE-2008-7083 | SQL Injection vulnerability in Revou Micro Blogging Twitter Clone Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
2009-08-25 | CVE-2008-7077 | SQL Injection vulnerability in Relative Sailplanner 0.3A Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | 7.5 |
2009-08-25 | CVE-2008-7075 | SQL Injection vulnerability in Kalptaru Infotech Stararticles 6.0 Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. | 7.5 |
2009-08-25 | CVE-2008-7071 | SQL Injection vulnerability in Chipmunk-Scripts Chipmunk Topsites SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. | 7.5 |
2009-08-24 | CVE-2008-7059 | SQL Injection vulnerability in Aled Owen One-News SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter. | 7.5 |
2009-08-24 | CVE-2008-7049 | SQL Injection vulnerability in Natterchat 1.1/1.12 Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. | 7.5 |
2009-08-24 | CVE-2008-7044 | SQL Injection vulnerability in Ajsquare Free Polling Script SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter. | 7.5 |