Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-14 | CVE-2008-5088 | SQL Injection vulnerability in Knowledgebase-Script PHPkb Knowledge Base Software 1.5 Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. | 7.5 |
| 2008-11-14 | CVE-2008-5087 | SQL Injection vulnerability in Typo3 Another Backend Login 0.0.1/0.0.2 SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2008-11-14 | CVE-2008-5075 | SQL Injection vulnerability in Scriptsfrenzy E-Uploader PRO 1.0 Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php. | 6.8 |
| 2008-11-14 | CVE-2008-5074 | SQL Injection vulnerability in PHP-Fusion Freshlinks Module 1.0 SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | 7.5 |
| 2008-11-14 | CVE-2008-5070 | SQL Injection vulnerability in PRO Chat Rooms PRO Chat Rooms 3.0.3 SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php. | 7.5 |
| 2008-11-14 | CVE-2008-5069 | SQL Injection vulnerability in Deeserver Panuwat Promoteweb Mysql SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-11-13 | CVE-2008-5064 | SQL Injection vulnerability in H&H Websoccer 2.80 SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-11-13 | CVE-2008-5058 | SQL Injection vulnerability in Preproject PRE Simple CMS SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. | 7.5 |
| 2008-11-13 | CVE-2008-5057 | SQL Injection vulnerability in Aspindir Dizi Portali SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the film parameter. | 7.5 |
| 2008-11-13 | CVE-2008-5055 | SQL Injection vulnerability in Activecampaign Triolive SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php. | 7.5 |