High
CVE-2006-3851
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter.
Tag: SQL Injection
All CVEs associated with "SQL Injection". Page 163/174 • 20871 CVEs.
Subscribe CVEs: RSS for “SQL Injection” · RSS (High+Critical only)
About “SQL Injection”
A curated feed of “SQL Injection”-related CVEs appears below. We currently track 20871 CVEs for this tag (all time). In the last 365 days, 4083 were published. Average CVSS is 7.7 (all time; 7.3 over 365d), and 76% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation.
In our taxonomy this topic maps to a HIGH impact class. Common exploitation patterns for this weakness can lead to high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-07-25
Medium
CVE-2006-3822
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.
Medium
CVE-2006-3823
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b para…
Medium
CVE-2006-3827
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL c…
Medium
CVE-2006-3828
Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using c…
High
CVE-2006-3832
SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
2006-07-24
High
CVE-2006-3770
Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters.
High
CVE-2006-3775
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SE…
High
CVE-2006-3792
SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the…
High
CVE-2006-3794
SQL injection vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the search field. NOTE: the vendor has disputed this issue, statin…
High
CVE-2006-3797
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
High
CVE-2006-3799
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other…
2006-07-21
High
CVE-2006-3688
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-3691
Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier allow remote attackers to execute arbitrary SQL commands via the UserID parameter to (1) ignore-pm.php, (2) sendmail.php, (3) reply.p…
Critical
CVE-2006-3698
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump M…
Critical
CVE-2006-3702
Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB06 in Export; (2) DB08, (3) DB…
Critical
CVE-2006-3705
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of 20…
High
CVE-2006-3727
Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) gr_1_id, (2) gr_2_id, (3) gr_3_id, and (4) doc_id parameters in (a)…
High
CVE-2006-3752
Multiple SQL injection vulnerabilities in class.php in Professional Home Page Tools Guestbook allow remote attackers to execute arbitrary SQL commands via the (1) hidemail, (2) name, (3) mail, (4) ip…
High
CVE-2006-3758
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbi…
High
CVE-2006-3760
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
High
CVE-2006-3763
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
2006-07-18
High
CVE-2006-3618
SQL injection vulnerability in pblguestbook.php in Pixelated By Lev (PBL) Guestbook 1.32 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) website…
High
CVE-2006-3662
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states…
High
CVE-2006-3666
SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-200…
High
CVE-2006-3614
index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to trigger a SQL error via the page_name parameter, possibly due to a SQL injection vulnerability.
High
CVE-2006-3621
SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter.
Medium
CVE-2006-3622
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is…
High
CVE-2006-3598
SQL injection vulnerability in the Sections module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle op.
High
CVE-2006-3599
SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_ads parameter in an EditAds op.
2006-07-13
High
CVE-2006-3135
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news…
High
CVE-2006-3576
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information…
High
CVE-2006-3577
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
High
CVE-2006-3580
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.
High
CVE-2006-3560
SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter.
High
CVE-2006-3565
SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter.
High
CVE-2006-3572
SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and earlier allows remote attackers to execute arbitrary SQL commands via the msgid parameter.
Medium
CVE-2006-3541
SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes."
High
CVE-2006-3543
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action…
High
CVE-2006-3544
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.3 Final allow remote attackers to execute arbitrary SQL commands via the CODE parameter in a (1) Stats, (2) Mail, and (3) Reg ac…
High
CVE-2006-3559
Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan paramet…
2006-07-12
High
CVE-2006-3525
SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final and 1.0.0 Release Candidate 6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
2006-07-11
High
CVE-2006-3515
SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) pas…
High
CVE-2006-3516
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.
High
CVE-2006-3518
SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal 2006 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
2006-07-10
High
CVE-2006-3474
Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to…
High
CVE-2006-3481
Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow remote attackers to execute arbitrary SQL commands via unspecified parameters involving the (1) "Remember Me" function, (2) "Rela…
High
CVE-2006-3485
Multiple SQL injection vulnerabilities in AstroDog Press Some Chess 1.5-RC2 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the gameID…
2006-07-07
High
CVE-2006-3430
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to…
2006-07-06
Medium
CVE-2006-3358
Multiple cross-site scripting (XSS) vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) cat_id, and (4) tim p…
High
CVE-2006-3359
Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parame…
High
CVE-2006-3364
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Medium
CVE-2006-3384
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.
High
CVE-2006-3394
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
High
CVE-2006-3402
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
2006-07-03
High
CVE-2006-3346
SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows remote attackers to execute arbitrary SQL commands via the grp_id parameter.
High
CVE-2006-3347
SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP 1.3.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-3348
Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level pa…
High
CVE-2006-3349
Multiple SQL injection vulnerabilities in SmS Script allow remote attackers to execute arbitrary SQL commands via the CatID parameter in (1) cat.php and (2) add.php.
High
CVE-2006-3341
SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp for Xoops allows remote attackers to execute arbitrary SQL commands via the lid parameter.
2006-06-30
High
CVE-2006-3329
SQL injection vulnerability in search.php in PHP/MySQL Classifieds (PHP Classifieds) allows remote attackers to execute arbitrary SQL commands via the rate parameter.
High
CVE-2006-3332
SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6)…
Low
CVE-2006-3333
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2…
Medium
CVE-2006-3322
SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function.
2006-06-29
Medium
CVE-2006-3115
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.
Medium
CVE-2006-3318
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1…
High
CVE-2006-3296
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
High
CVE-2006-3304
SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier allows remote attackers to execute arbitrary SQL commands via the xmsn parameter.
High
CVE-2006-3307
Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/…
High
CVE-2006-3309
SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal Toolkit (SPT) 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
2006-06-28
High
CVE-2006-3292
SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field).
High
CVE-2006-3271
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parame…
High
CVE-2006-3270
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE:…
High
CVE-2006-3275
SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and earlier allows remote attackers to execute SQL commands via a double-encoded user parameter in a viewprofile action.
High
CVE-2006-3283
SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex…
High
CVE-2006-3254
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
High
CVE-2006-3255
SQL injection vulnerability in showmods.php in Woltlab Burning Board (WBB) 1.2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
High
CVE-2006-3256
SQL injection vulnerability in report.php in Woltlab Burning Board (WBB) 2.3.1 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
2006-06-27
High
CVE-2006-3262
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
High
CVE-2006-3263
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
High
CVE-2006-3267
SQL injection vulnerability in index.php in Infinite Core Technologies (ICT) 1.0 Gold and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
High
CVE-2006-3234
Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) produkt, (2) id_produc, and (3) id_kat parameters.
High
CVE-2006-3236
Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the…
High
CVE-2006-3238
Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) MemberID parameter to rank.php, and the (2) QuranID parameter to…
High
CVE-2006-3239
SQL injection vulnerability in message.php in VBZooM 1.11 and earlier allows remote attackers to execute arbitrary SQL commands via the UserID parameter.
High
CVE-2006-3243
SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) 1.0 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the showcodebuttons parameter.
Medium
CVE-2006-3244
Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order parameter in buglist.php and the (2) bug parameter in qu…
High
CVE-2006-3249
SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, st…
2006-06-24
High
CVE-2006-3218
SQL injection vulnerability in profile.php in Woltlab Burning Board (WBB) 2.1.6 allows remote attackers to execute arbitrary SQL commands via the userid parameter.
High
CVE-2006-3219
SQL injection vulnerability in thread.php in Woltlab Burning Board (WBB) 2.2.2 allows remote attackers to execute arbitrary SQL commands via the threadid parameter.
High
CVE-2006-3220
SQL injection vulnerability in studienplatztausch.php in Woltlab Burning Board (WBB) 2.2.1 allows remote attackers to execute arbitrary SQL commands via the sid parameter.
High
CVE-2006-3221
SQL injection vulnerability in index.php in DataLife Engine 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded values in the user parameter in a userinfo sub…
High
CVE-2006-3213
SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter to an unspecified script, possibly host/yeni_host.asp.
2006-06-23
Medium
CVE-2006-2915
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat param…
High
CVE-2006-3168
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut…
High
CVE-2006-3176
SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-3181
SQL injection vulnerability in index.php in MobeScripts Mobile Space Community 2.0 allows remote attackers to execute arbitrary SQL commands via the browse parameter.
Medium
CVE-2006-3187
Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) maingroup and (2) secondgroup parameter…
High
CVE-2006-3188
Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) maingroup and (2) secondgroup parameters to (a) search_pr…
High
CVE-2006-3190
SQL injection vulnerability in administration/includes/login/auth.php in HotPlug CMS 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (…
2006-06-22
High
CVE-2006-3139
Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and…
High
CVE-2006-3140
SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-3142
SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter.
High
CVE-2006-3148
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php.
High
CVE-2006-3150
SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.
High
CVE-2006-3152
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c…
High
CVE-2006-3154
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
High
CVE-2006-3161
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter.
High
CVE-2006-3163
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
High
CVE-2006-3164
SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter.
High
CVE-2006-3165
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
High
CVE-2006-3130
SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter.
2006-06-21
High
CVE-2006-2911
SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 build 008 allows remote attackers to execute arbitrary SQL commands via the username parameter.
High
CVE-2006-3111
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) ma…
2006-06-19
Medium
CVE-2006-3090
Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and possibly 1.2 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_pays…
Medium
CVE-2006-3094
Multiple SQL injection vulnerabilities in Calendarix Basic 0.7.20060401 and earlier, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter in (…
High
CVE-2006-3096
Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter…
High
CVE-2006-3012
SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.…
High
CVE-2006-3064
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to exe…
High
CVE-2006-3065
SQL injection vulnerability in engine/shards/blog.php in blur6ex 0.3.462 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a proc_reply action in the blog shard. NOTE…