Vulnerabilities > Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-11-04 | CVE-2008-4904 | SQL Injection vulnerability in Typosphere Typo SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter. | 6.0 |
2008-11-04 | CVE-2008-4902 | SQL Injection vulnerability in Scripts Frenzy Article Publisher PRO 1.5 SQL injection vulnerability in contact_author.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter. | 7.5 |
2008-11-04 | CVE-2008-4901 | SQL Injection vulnerability in Scripts Frenzy Article Publisher PRO 1.5 SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | 7.5 |
2008-11-04 | CVE-2008-4900 | SQL Injection vulnerability in Yourfreeworld Classifieds Blaster Script SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4897 | SQL Injection vulnerability in Logz 1.3.1 SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. | 6.8 |
2008-11-04 | CVE-2008-4895 | SQL Injection vulnerability in Yourfreeworld Downline Builder Script SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4912 | SQL Injection vulnerability in RS Maxsoft Fotogalerie SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. | 7.5 |
2008-11-04 | CVE-2008-4890 | SQL Injection vulnerability in 1ST News 4 Professional PR1 SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-11-04 | CVE-2008-4889 | SQL Injection vulnerability in Dev!L'S Clanportal 1.2.5/1.3.6 SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action. | 7.5 |
2008-11-04 | CVE-2008-4887 | SQL Injection vulnerability in Netrisk 1.9.7 SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). | 7.5 |