Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

DATE | CVE | VULNERABILITY TITLE | RISK

2009-08-24 | CVE-2008-7044 | SQL Injection vulnerability in Ajsquare Free Polling Script | 7.5
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
network | low complexity | ajsquare | CWE-89

2009-08-24 | CVE-2008-7040 | SQL Injection vulnerability in Yellowswordfish Simple Forum | 7.5
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter.
network | low complexity | wordpress yellowswordfish | CWE-89

2009-08-24 | CVE-2008-7038 | SQL Injection vulnerability in Maxdev MY Egallery | 7.5
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php.
network | low complexity | phpnuke maxdev | CWE-89

2009-08-24 | CVE-2008-7033 | SQL Injection vulnerability in Galore COM Simpleshop | 7.5
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568.
network | low complexity | galore joomla | CWE-89

2009-08-24 | CVE-2008-7030 | SQL Injection vulnerability in Site2Nite Real Estate web | 7.5
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp.
network | low complexity | site2nite | CWE-89

2009-08-21 | CVE-2009-2929 | SQL Injection vulnerability in Tgs-Cms TGS Content Management | 7.5
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php.
network | low complexity | tgs-cms | CWE-89

2009-08-21 | CVE-2009-2927 | SQL Injection vulnerability in Digitalspinners DS CMS 1.0 | 7.5
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
network | low complexity | digitalspinners | CWE-89

2009-08-21 | CVE-2009-2926 | SQL Injection vulnerability in PHPcompet.Free PHP Competition System 0.84 | 7.5
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
network | low complexity | phpcompet-free | CWE-89

2009-08-21 | CVE-2009-2924 | SQL Injection vulnerability in Videosbroadcastyourself Videos Broadcast Yourself 2 | 7.5
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
network | low complexity | videosbroadcastyourself | CWE-89

2009-08-21 | CVE-2009-2921 | SQL Injection vulnerability in Mocdesigns PHP News 1.1 | 7.5
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
network | low complexity | mocdesigns | CWE-89