Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-06-23 | CVE-2006-3168 | SQL-Injection vulnerability in Cs-Forum SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php. | 7.5 |
| 2006-06-22 | CVE-2006-3165 | SQL Injection vulnerability in Free Realty Propview.PHP SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. | 7.5 |
| 2006-06-22 | CVE-2006-3164 | SQL Injection vulnerability in TPL Design TplShop Category.PHP SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. | 7.5 |
| 2006-06-22 | CVE-2006-3163 | SQL Injection vulnerability in IMGallery Galeria.PHP Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters. | 7.5 |
| 2006-06-22 | CVE-2006-3162 | Remote File Include vulnerability in SmartSiteCMS Inc_Foot.PHP PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. | 7.5 |
| 2006-06-22 | CVE-2006-3161 | SQL Injection vulnerability in Saphp Saphplesson 1.1 SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. | 7.5 |
| 2006-06-22 | CVE-2006-3158 | Unspecified vulnerability in Eduha Meeting Eduha Meeting index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action. | 7.5 |
| 2006-06-22 | CVE-2006-3154 | Input Validation vulnerability in Thinkfactory Ultimate Estate 1.0 SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-06-22 | CVE-2006-3152 | SQL Injection vulnerability in Bluehouse Project PHPtrader 4.9Sp5 Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php, (f) browse.php, (g) showmemberads.php, (h) note_ad.php, (i) abuse.php, (j) buynow.php, (k) confirm_newad.php, (2) an parameter in (l) printad.php, (m) note_ad.php, (3) who parameter in (n) showmemberads.php, and (4) adnr parameter in (o) buynow.php. | 7.5 |
| 2006-06-22 | CVE-2006-3150 | SQL Injection vulnerability in Cavoxcms 1.0.16 SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |