Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-19 | CVE-2008-7003 | SQL Injection vulnerability in The-Rat-Cms Alpha2 Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter. | 7.5 |
2009-08-19 | CVE-2008-6991 | SQL Injection vulnerability in Cmsbright SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter. | 7.5 |
2009-08-19 | CVE-2008-6990 | SQL Injection vulnerability in Ezphotogallery 2.1 SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | 7.5 |
2009-08-19 | CVE-2008-6989 | SQL Injection vulnerability in Ezphotogallery 2.1 SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2009-08-19 | CVE-2008-6986 | SQL Injection vulnerability in Zen-Cart ZEN Cart SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985. | 6.8 |
2009-08-19 | CVE-2008-6985 | SQL Injection vulnerability in Zen-Cart ZEN Cart Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | 6.8 |
2009-08-19 | CVE-2008-6980 | SQL Injection vulnerability in PHPadultsite CMS 2.3.2 SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. | 7.5 |
2009-08-17 | CVE-2009-2790 | SQL Injection vulnerability in Softbiz Dating Script SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. | 7.5 |
2009-08-17 | CVE-2009-2789 | SQL Injection vulnerability in Permis COM Groups SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. | 7.5 |
2009-08-17 | CVE-2009-2788 | SQL Injection vulnerability in Mobilelib Gold 3 Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | 7.5 |