Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-08-17 | CVE-2009-2786 | SQL Injection vulnerability in Reputation 2.0.4/2.2.3 SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | 7.5 |
2009-08-17 | CVE-2009-2782 | SQL Injection vulnerability in Jfusion COM Jfusion SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | 7.5 |
2009-08-17 | CVE-2009-2781 | SQL Injection vulnerability in Arabportal Arab Portal 2.0.1/2.1/2.2 SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | 6.0 |
2009-08-17 | CVE-2009-2779 | SQL Injection vulnerability in Ajsquare AJ Matrix DNA SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. | 7.5 |
2009-08-14 | CVE-2009-2777 | SQL Injection vulnerability in Garagesalesjunkie Garagesales Script SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |
2009-08-14 | CVE-2009-2776 | SQL Injection vulnerability in Sellatsite.Com Smart ASP Survey SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter. | 7.5 |
2009-08-14 | CVE-2009-2775 | SQL Injection vulnerability in PHParcadescript 4.0 SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2009-08-14 | CVE-2009-2774 | SQL Injection vulnerability in PHP-Paid4Mail SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter. | 7.5 |
2009-08-13 | CVE-2009-2093 | SQL Injection vulnerability in IBM Websphere Partner Gateway SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 6.5 |
2009-08-13 | CVE-2008-6970 | SQL Injection vulnerability in Ubbcentral Ubb.Threads SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter. | 7.5 |