SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).
Max CVSS: 7.5 | EPSS Score: 1.22% | Published: 2006-11-30 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 0.21% | Published: 2006-11-28 | Updated: 2017-10-11
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-28 | Updated: 2017-10-19
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
Max CVSS: 7.5 | EPSS Score: 20.26% | Published: 2006-11-28 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS: 7.5 | EPSS Score: 0.14% | Published: 2006-11-28 | Updated: 2017-07-29
Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.
Max CVSS: 7.5 | EPSS Score: 0.47% | Published: 2006-11-28 | Updated: 2018-10-17
SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the tID parameter.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-28 | Updated: 2017-10-19
Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.
Max CVSS: 7.5 | EPSS Score: 0.66% | Published: 2006-11-28 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.
Max CVSS: 7.5 | EPSS Score: 0.73% | Published: 2006-11-28 | Updated: 2018-10-17
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-26 | Updated: 2017-10-19
SQL injection vulnerability in default2.asp in fipsForum 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the kat parameter.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-26 | Updated: 2017-10-19
SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the fid parameter.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-26 | Updated: 2017-10-19
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in product.asp or (2) search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2006-11-26 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp.
Max CVSS: 7.5 | EPSS Score: 0.20% | Published: 2006-11-26 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.
Max CVSS: 7.5 | EPSS Score: 2.26% | Published: 2006-11-26 | Updated: 2017-07-20
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
Max CVSS: 7.5 | EPSS Score: 0.17% | Published: 2006-11-24 | Updated: 2017-07-20
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
Max CVSS: 7.5 | EPSS Score: 0.70% | Published: 2006-11-24 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters.
Max CVSS: 7.5 | EPSS Score: 0.47% | Published: 2006-11-24 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.
Max CVSS: 7.5 | EPSS Score: 0.70% | Published: 2006-11-24 | Updated: 2018-10-17
SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.
Max CVSS: 7.5 | EPSS Score: 0.40% | Published: 2006-11-24 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in categories.asp in gNews Publisher allow remote attackers to execute arbitrary SQL commands via the (1) catID or (2) editorID parameter.
Max CVSS: 7.5 | EPSS Score: 0.32% | Published: 2006-11-24 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.
Max CVSS: 7.5 | EPSS Score: 0.75% | Published: 2006-11-24 | Updated: 2018-10-17
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2006-11-24 | Updated: 2017-07-20
SQL injection vulnerability in bpg/publications_list.asp in BPG-InfoTech Easy Publisher and Smart Publisher//Pro 2.7.7 allows remote attackers to execute arbitrary SQL commands via the vjob parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Max CVSS: 7.5 | EPSS Score: 0.30% | Published: 2006-11-24 | Updated: 2011-03-08
SQL injection vulnerability in module/account/register/register.asp in ASP Nuke 0.80 and earlier allows remote attackers to execute arbitrary SQL commands via the StateCode parameter.
Max CVSS: 7.5 | EPSS Score: 0.35% | Published: 2006-11-22 | Updated: 2018-10-17
97 vulnerabilities found