Medium
CVE-2007-4086
Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID paramete…
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 156/174 • 20871 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20871 CVEs for this tag (all time). In the last 365 days, 4083 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2007-07-30
2007-07-27
High
CVE-2007-4046
SQL injection vulnerability in index.php in the Pony Gallery (com_ponygallery) 1.5 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
2007-07-25
High
CVE-2007-3987
SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.
High
CVE-2007-3990
SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: th…
High
CVE-2007-3992
SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by…
Medium
CVE-2007-3966
SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880.
High
CVE-2007-3976
SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter.
Medium
CVE-2007-3979
SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
High
CVE-2007-3981
SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action.
2007-07-21
High
CVE-2007-3933
SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-205…
High
CVE-2007-3937
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
High
CVE-2007-3938
SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view acti…
Medium
CVE-2007-3939
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category pa…
High
CVE-2007-3943
SQL injection vulnerability in Infinite Responder before 1.48 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third p…
2007-07-19
High
CVE-2007-3905
SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote attackers to execute arbitrary SQL commands via the _order parameter to (1) photos.php and (2) edit_photos.php.
High
CVE-2007-3909
Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vecto…
2007-07-18
High
CVE-2007-3881
SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
High
CVE-2007-3882
SQL injection vulnerability in index.php in Expert Advisor allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3884
SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is…
High
CVE-2007-3889
Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the current_subsection parameter to index.php and other uns…
Medium
CVE-2007-3853
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to have unknown impact via (1) DBMS_JAVA_TEST in the JavaVM component (DB01), (2) Oracle…
Medium
CVE-2007-3854
Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing compo…
High
CVE-2007-3860
Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. NO…
2007-07-17
High
CVE-2007-3840
SQL injection vulnerability in referralUrl.php in Traffic Stats allows remote attackers to execute arbitrary SQL commands via the offset parameter.
Critical
CVE-2007-3824
SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows remote attackers to execute arbitrary SQL commands via the katID parameter.
High
CVE-2007-3808
SQL injection vulnerability in includes/search.php in paFileDB 3.6 allows remote attackers to execute arbitrary SQL commands via the categories[] parameter in a search action to index.php, a differen…
High
CVE-2007-3809
Multiple SQL injection vulnerabilities in Prozilla Directory Script allow remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action to directory.php, and other unsp…
High
CVE-2007-3810
SQL injection vulnerability in index.php in Realtor 747 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
High
CVE-2007-3811
Multiple SQL injection vulnerabilities in eSyndiCat allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php or (2) the name parameter to page.php.
High
CVE-2007-3812
SQL injection vulnerability in forums.php in CMScout 1.23 and earlier allows remote attackers to execute arbitrary SQL commands via the f parameter in a forums action to index.php.
High
CVE-2007-3814
Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the idurlo field in the delete_urlo function in (a) index.php in the urlobox…
2007-07-15
Medium
CVE-2007-3013
SQL injection vulnerability in activeWeb contentserver before 5.6.2964 allows remote authenticated users with edit permission to execute arbitrary SQL commands via the id parameter to admin/picture/p…
High
CVE-2007-3789
SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows remote attackers to execute arbitrary SQL commands via the Password field. NOTE: the provenance of this information is unknown;…
High
CVE-2007-3793
SQL injection vulnerability in Job Management Partner 1/NETM/DM (JP1/NETM/DM) Manager on Windows before 20070413 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
High
CVE-2007-3783
SQL injection vulnerability in default.asp in enVivo!CMS allows remote attackers to execute arbitrary SQL commands via the ID parameter in an article action. NOTE: this is probably different from CV…
2007-07-11
High
CVE-2007-3705
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified comp…
High
CVE-2007-3682
SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3683
SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter.
High
CVE-2007-3684
Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (…
Medium
CVE-2007-3687
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the…
Medium
CVE-2007-3691
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1)…
High
CVE-2007-3677
Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. N…
2007-07-10
High
CVE-2007-3646
SQL injection vulnerability in index.php in FlashGameScript 1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a member action.
High
CVE-2007-3648
SQL injection vulnerability in Webmatic before 2.6.2, and possibly other versions before 2.7, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly related to ad…
High
CVE-2007-3631
SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the params parameter, related to missing input validatio…
High
CVE-2007-3637
SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka ZD-00000008. this information is based upon a vague advisory by a…
2007-07-09
High
CVE-2007-3627
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the cid parameter to (1) login.php, (2) auth.php, and (3) subscrib…
Critical
CVE-2007-3629
SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown;…
2007-07-06
Medium
CVE-2007-3603
SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id pa…
High
CVE-2007-3609
Multiple SQL injection vulnerabilities in eMeeting Online Dating Software 5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) b.php and (2) account/gallery.php, a…
High
CVE-2007-3610
SQL injection vulnerability in categories_type.php in phpVID 0.9.9 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
2007-07-05
High
CVE-2007-3589
Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showthread.php or (2) showboard.php.
Medium
CVE-2007-3573
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different v…
High
CVE-2007-3575
SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php.
High
CVE-2007-3582
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter.
High
CVE-2007-3583
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter.
High
CVE-2007-3584
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter.
High
CVE-2007-3588
SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote attackers to execute arbitrary SQL commands via the UserID parameter to sub-join.php. NOTE: this may be the same as CVE-2006-369…
2007-07-04
Medium
CVE-2007-3557
SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter.
High
CVE-2007-3558
SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.
High
CVE-2007-3562
SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3563
SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php.
2007-07-03
High
CVE-2007-3549
SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
High
CVE-2007-3534
SQL injection vulnerability in login.php in WebChat 0.78 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
High
CVE-2007-3538
SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3539
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti…
Critical
CVE-2007-3515
SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3518
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3519
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3520
SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
High
CVE-2007-3521
SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 allows remote attackers to execute arbitrary SQL commands via a usercookie cookie.
High
CVE-2007-3526
Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter…
2007-06-27
High
CVE-2007-3461
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
High
CVE-2007-3427
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action.
High
CVE-2007-3430
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action.
High
CVE-2007-3433
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action.
Medium
CVE-2007-3447
SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also b…
Medium
CVE-2007-3449
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
Medium
CVE-2007-3450
SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the detai…
High
CVE-2007-3452
SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action.
High
CVE-2007-3453
SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components.
2007-06-26
High
CVE-2007-3411
SQL injection vulnerability in edit_image.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
High
CVE-2007-3415
Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 rc8 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) type parameter.
Medium
CVE-2007-2520
SQL injection vulnerability in admin.php in MyNews 0.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authacc cookie.
Medium
CVE-2007-3183
Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameter…
High
CVE-2007-3394
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the…
High
CVE-2007-3399
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.p…
High
CVE-2007-3402
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action.
2007-06-22
High
CVE-2007-3345
Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) Outgoing_Type_ID, (2) Outgoing_ID, (3) Project_ID, (4) Clie…
High
CVE-2007-3354
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vect…
2007-06-21
High
CVE-2007-3335
Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
High
CVE-2007-3313
Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.…
High
CVE-2007-3323
SQL injection vulnerability in comersus_optReviewReadExec.asp in Comersus Shop Cart 7.07 allows remote attackers to execute arbitrary SQL commands via the idProduct parameter. NOTE: this might be th…
High
CVE-2007-3311
SQL injection vulnerability in print.php in the Articles 1.02 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2007-3307
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
2007-06-20
High
CVE-2007-3298
SQL injection vulnerability in Spey before 0.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to MessageProcessor.cc and possibly other components.
High
CVE-2007-3301
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been releas…
High
CVE-2007-3293
SQL injection vulnerability in categoria.php in LiveCMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
2007-06-19
High
CVE-2007-3273
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the de…
Medium
CVE-2007-3128
SQL injection vulnerability in content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter.
2007-06-18
Medium
CVE-2007-3247
SQL injection vulnerability in VirtueMart before 1.0.11 allows remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly related to improper input validation of the PATH…
High
CVE-2007-3250
SQL injection vulnerability in mod_banners.php in Elxis CMS before 2006.4 20070613 allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie. NOTE: the product was patched…
2007-06-15
High
CVE-2007-3234
SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
Medium
CVE-2007-3235
Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from…
High
CVE-2007-3244
SQL injection vulnerability in bb-includes/formatting-functions.php in bbPress before 0.8.1 might allow remote attackers to execute arbitrary SQL commands via unspecified vectors to forums/bb-edit.ph…
2007-06-14
Medium
CVE-2007-3214
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.
2007-06-12
High
CVE-2007-3188
SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2007-3190
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL command…
High
CVE-2007-3196
SQL injection vulnerability in vBSupport.php in vSupport Integrated Ticket System 3.x.x allows remote attackers to execute arbitrary SQL commands via the ticketid parameter in a showticket action.
High
CVE-2007-3197
SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before 1.1a allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
High
CVE-2007-3204
SQL injection vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.4-pre2 allows remote attackers to execute arbitrary SQL commands via the pass parameter. NOTE: this iss…
2007-06-11
High
CVE-2007-3179
Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vec…
High
CVE-2007-3175
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocP…
High
CVE-2007-3178
Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) pass parameter to (a) mezungiris.asp or (b) ogr…
2007-06-08
Medium
CVE-2007-3133
SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2007-3140
SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows remote authenticated users to execute arbitrary SQL commands via a parameter value in an XML RPC wp.suggestCategories methodCall, a d…
2007-06-07
High
CVE-2007-3119
SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
2007-06-06
High
CVE-2007-3077
SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the rank parameter.
High
CVE-2007-3080
SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is u…
High
CVE-2007-3088
SQL injection vulnerability in index.php in Comicsense allows remote attackers to execute arbitrary SQL commands via the epi parameter.