SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
Max CVSS
10.0
EPSS Score
0.20%
Published
2003-04-22
Updated
2008-09-05
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
Max CVSS
10.0
EPSS Score
0.20%
Published
2003-06-09
Updated
2016-10-18
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
Max CVSS
10.0
EPSS Score
0.21%
Published
2003-08-07
Updated
2008-09-05
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
Max CVSS
10.0
EPSS Score
0.85%
Published
2003-08-07
Updated
2017-07-11
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
Max CVSS
10.0
EPSS Score
0.20%
Published
2003-08-18
Updated
2016-10-18
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
Max CVSS
10.0
EPSS Score
0.15%
Published
2003-08-18
Updated
2016-10-18
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
Max CVSS
7.5
EPSS Score
0.22%
Published
2003-04-11
Updated
2008-09-05
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
Max CVSS
7.5
EPSS Score
0.20%
Published
2003-06-09
Updated
2008-09-05
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
Max CVSS
7.5
EPSS Score
0.19%
Published
2003-04-22
Updated
2008-09-05
Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
Max CVSS
7.5
EPSS Score
0.42%
Published
2003-04-02
Updated
2008-09-05
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
Max CVSS
7.5
EPSS Score
0.22%
Published
2003-04-02
Updated
2008-09-05
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
Max CVSS
7.5
EPSS Score
0.71%
Published
2003-01-17
Updated
2016-10-18
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
Max CVSS
7.5
EPSS Score
0.26%
Published
2003-02-19
Updated
2017-10-10
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
Max CVSS
7.5
EPSS Score
1.59%
Published
2003-05-12
Updated
2018-10-12
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
Max CVSS
7.5
EPSS Score
0.45%
Published
2003-05-12
Updated
2016-10-18
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
Max CVSS
7.5
EPSS Score
0.40%
Published
2003-06-16
Updated
2017-07-11
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
Max CVSS
7.5
EPSS Score
3.17%
Published
2003-06-16
Updated
2024-02-13
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
Max CVSS
7.5
EPSS Score
0.14%
Published
2003-08-18
Updated
2008-09-10
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
Max CVSS
7.5
EPSS Score
0.17%
Published
2003-08-18
Updated
2016-10-18
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
Max CVSS
7.5
EPSS Score
0.18%
Published
2003-08-18
Updated
2016-10-18
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
Max CVSS
7.5
EPSS Score
0.10%
Published
2003-08-27
Updated
2008-09-05
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
Max CVSS
7.5
EPSS Score
0.23%
Published
2003-10-20
Updated
2016-10-18
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2003-10-20
Updated
2008-09-10
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
Max CVSS
7.5
EPSS Score
1.12%
Published
2003-10-20
Updated
2008-09-05
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
Max CVSS
7.5
EPSS Score
0.34%
Published
2003-09-22
Updated
2008-09-10
50 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!