About “SQL Injection”

A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20871 CVEs for this tag (all time). In the last 365 days, 4083 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.

In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high impact. Use the filters below to sort by CVSS, risk and CWE, triage high-risk entries first, and validate exposure in your environment. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic.

2007-04-02
High

CVE-2007-1811

SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show actio…

High

CVE-2007-1813

SQL injection vulnerability in display.php in the eCal 2.24 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the katid parameter.

High

CVE-2007-1814

SQL injection vulnerability in viewcat.php in the Core module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2007-0377.

High

CVE-2007-1815

SQL injection vulnerability in viewcat.php in the Library module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.

High

CVE-2007-1816

SQL injection vulnerability in viewcat.php in the Tutoriais module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter.

High

CVE-2007-1817

SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.

2007-03-31
Medium

CVE-2007-1786

SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collab…

High

CVE-2007-1791

SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

2007-03-30
Medium

CVE-2007-1776

SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artic…

High

CVE-2007-1779

Multiple SQL injection vulnerabilities in the MySQL back-end in Advanced Website Creator (AWC) before 1.9.0 might allow remote attackers to execute arbitrary SQL commands via unspecified parameters,…

2007-03-28
Critical

CVE-2007-1725

SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstra…

High

CVE-2007-1729

SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 10005 Beta Release 1 allows remote attackers to execute arbitrary SQL commands via the flexbb_lang_id COOKIE parameter to index.php.

2007-03-27
High

CVE-2007-1712

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Auction Pro 7.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1696

SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter 4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsPaperID parameter.

High

CVE-2007-1703

SQL injection vulnerability in index.php in the RWCards (com_rwcards) 2.4.3 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

High

CVE-2007-1704

SQL injection vulnerability in index.php in the Car Manager (com_resman) 1.1 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2007-1705

SQL injection vulnerability in default.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1706

SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows remote attackers to execute arbitrary SQL commands via the QuizID parameter.

2007-03-24
High

CVE-2007-1656

Multiple SQL injection vulnerabilities in index.php in Katalog Plyt Audio 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fraza and (2) litera parameters, differe…

2007-03-23
High

CVE-2007-1641

SQL injection vulnerability in index.php in PortailPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the idnews parameter.

High

CVE-2007-1634

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parame…

High

CVE-2007-1624

Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.…

High

CVE-2007-1629

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Photo Gallery allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1630

SQL injection vulnerability in default.asp in ActiveWebSoftwares Active Link Engine allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1612

SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the kolumna parameter.

High

CVE-2007-1615

SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1616

SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the recid parameter.

High

CVE-2007-1617

SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1618

SQL injection vulnerability in index.php in ScriptMagix FAQ Builder 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

High

CVE-2007-1619

SQL injection vulnerability in viewcomments.php in ScriptMagix Photo Rating 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the phid parameter.

2007-03-22
High

CVE-2007-1602

SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter.

2007-03-21
Medium

CVE-2007-1572

SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NO…

Medium

CVE-2007-1573

SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.

High

CVE-2007-1575

Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) unspecified vectors to the (a)…

High

CVE-2007-1566

SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.

High

CVE-2007-1556

SQL injection vulnerability in kommentare.php in Creative Files 1.2 allows remote attackers to execute arbitrary SQL commands via the dlid parameter.

2007-03-20
High

CVE-2006-7172

Multiple SQL injection vulnerabilities in php-stats.recphp.php in PHP-Stats 0.1.9.1b and earlier allow remote attackers to execute arbitrary code via a leading dotted-quad IP address string in the (1…

High

CVE-2007-1548

SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attacker…

High

CVE-2007-1550

Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote attackers to execute arbitrary SQL commands via the (1) image_id or (2) cat_id parameter to (a) gallery.php; the (3) news_id paramet…

High

CVE-2007-1555

SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 build 238a and earlier for phpBB allows remote attackers to execute arbitrary SQL commands via the c parameter.

High

CVE-2007-1517

SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2007-1518

SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array.

High

CVE-2006-7170

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) prod…

High

CVE-2007-1510

SQL injection vulnerability in post.php in Particle Blogger 1.0.0 through 1.2.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.

2007-03-16
High

CVE-2007-1469

SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.

High

CVE-2007-1481

SQL injection vulnerability in index.php in WBBlog allows remote attackers to execute arbitrary SQL commands via the e_id parameter in a viewentry cmd.

2007-03-14
High

CVE-2007-1450

SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and earlier allows remote attackers to execute arbitrary SQL commands in the Top or News module via the lang parameter.

High

CVE-2007-1445

SQL injection vulnerability in the theme preview feature for default.asp in BP Blog 7.0 through 7.0.2 allows remote attackers to execute arbitrary SQL commands via the layout parameter.

2007-03-13
High

CVE-2007-1438

SQL injection vulnerability in devami.asp in X-Ice News System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2007-1440

SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the author parameter.

High

CVE-2007-1434

SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, might allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) userdetail.php, id a…

High

CVE-2007-1422

SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-0688.

High

CVE-2007-1425

SQL injection vulnerability in index.php in Triexa SonicMailer Pro 3.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the list parameter in an archive action.

High

CVE-2007-1428

SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 allows remote attackers to execute arbitrary SQL commands via the salary parameter.

2007-03-12
High

CVE-2007-1417

SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a komm aktion.

2007-03-10
High

CVE-2007-1410

SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal allows remote attackers to execute arbitrary SQL commands via the kategori parameter.

2007-03-08
High

CVE-2007-1339

SQL injection vulnerability in index.php in Links Management Application 1.0 allows remote attackers to execute arbitrary SQL commands via the lcnt parameter.

2007-03-07
High

CVE-2007-1326

SQL injection vulnerability in index.php in Serendipity 1.1.1 allows remote attackers to execute arbitrary SQL commands via the serendipity[multiCat][] parameter.

Medium

CVE-2006-7138

SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modi…

High

CVE-2006-7144

SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.

High

CVE-2006-7150

Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.

High

CVE-2006-7161

SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.

Medium

CVE-2007-1289

SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the s parameter.

High

CVE-2007-1290

SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking System (TygerBT) 1.1.3 allows remote attackers to execute arbitrary SQL commands via the bug parameter. NOTE: the provenance of th…

High

CVE-2007-1292

SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the…

Medium

CVE-2007-1293

SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categoria parameter to the top-leve…

High

CVE-2007-1295

SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the td_id parameter.

High

CVE-2007-1296

SQL injection vulnerability in postingdetails.php in AJ Classifieds 1.0 allows remote attackers to execute arbitrary SQL commands via the postingid parameter.

High

CVE-2007-1297

SQL injection vulnerability in view_profile.php in AJDating 1.0 allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

High

CVE-2007-1298

SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.

Medium

CVE-2007-1302

SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. NOTE: it was…

Medium

CVE-2007-1304

Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook 23.11.2006, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) co…

2007-03-06
High

CVE-2006-7115

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and othe…

High

CVE-2006-7116

SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id var…

High

CVE-2006-7118

SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.

High

CVE-2006-7123

Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspec…

Medium

CVE-2006-7126

SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the query string, possibly PHP_SELF.

2007-03-03
High

CVE-2006-7101

SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the AdminUser cookie.

High

CVE-2007-1250

SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Medium

CVE-2007-1254

SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parame…

Medium

CVE-2007-1255

Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smil…

High

CVE-2007-1242

SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is…

2007-03-02
High

CVE-2006-7071

SQL injection vulnerability in classes/class_session.php in Invision Power Board (IPB) 2.1 up to 2.1.6 allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP parameter.

Medium

CVE-2006-7076

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue…

Medium

CVE-2006-7077

SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the entry parameter.

Medium

CVE-2006-7085

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as…

High

CVE-2006-7088

Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) logon_user.php and (2) update_profile.…

High

CVE-2006-7089

SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2006-7092

SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.

Medium

CVE-2007-1135

Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id…

Medium

CVE-2007-1154

SQL injection vulnerability in webSPELL allows remote attackers to execute arbitrary SQL commands via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

High

CVE-2007-1163

SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019,…

High

CVE-2007-1166

SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.

High

CVE-2007-1171

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.

Medium

CVE-2007-1172

SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Di…

2007-02-27
Medium

CVE-2007-1121

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to…

Medium

CVE-2007-1122

Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id para…

2007-02-26
High

CVE-2007-1107

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later…

2007-02-24
High

CVE-2006-7057

SQL injection vulnerability in search.php in Sphider before 1.3.1c allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is u…

2007-02-23
High

CVE-2006-7025

SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter.

High

CVE-2006-7034

SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.

2007-02-22
High

CVE-2007-1077

SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information i…

Medium

CVE-2007-1061

SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via th…

2007-02-21
High

CVE-2007-1058

SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.

Critical

CVE-2007-1015

SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2007-1016

SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the…

Medium

CVE-2007-1019

SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a dif…

Critical

CVE-2007-1021

SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

High

CVE-2007-1022

SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown;…

High

CVE-2007-1023

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.

High

CVE-2007-1026

SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are ob…

High

CVE-2007-1034

SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id par…

2007-02-16
High

CVE-2007-0984

SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.

High

CVE-2007-0985

SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.

High

CVE-2007-0970

Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified param…

High

CVE-2007-0971

Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip var…

2007-02-15
High

CVE-2007-0951

SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.

2007-02-14
High

CVE-2007-0920

SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.

2007-02-13
High

CVE-2007-0904

SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.

2007-02-12
High

CVE-2006-7005

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details…