SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
Max CVSS
2.1
EPSS Score
0.62%
Published
2006-04-29
Updated
2018-10-18
SQL injection vulnerability in func_msg.php in Invision Power Board (IPB) 2.1.4 allows remote attackers to execute arbitrary SQL commands via the from_contact field in a private message (PM).
Max CVSS
7.5
EPSS Score
1.12%
Published
2006-04-29
Updated
2018-10-18
Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.
Max CVSS
7.5
EPSS Score
0.16%
Published
2006-04-29
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open Bulletin Board (OpenBB) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via (1) the FID parameter in board.php and (2) the TID parameter in read.php. NOTE: the SQL injection issues are already covered by CVE-2005-1612 (read.php) and CVE-2005-2566 (board.php).
Max CVSS
4.3
EPSS Score
0.23%
Published
2006-04-29
Updated
2018-10-18

CVE-2006-2081

Public exploit
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.
Max CVSS
4.6
EPSS Score
97.35%
Published
2006-04-27
Updated
2018-10-18
SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS.
Max CVSS
6.8
EPSS Score
2.34%
Published
2006-04-27
Updated
2018-10-18
SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
Max CVSS
7.5
EPSS Score
0.48%
Published
2006-04-27
Updated
2018-10-18
SQL injection vulnerability in save.php in PHPSurveyor 0.995 and earlier allows remote attackers to execute arbitrary SQL commands via the surveyid cookie. NOTE: this issue could be leveraged to execute arbitrary PHP code, as demonstrated by inserting directory traversal sequences into the database, which are then processed by the thissurvey['language'] variable.
Max CVSS
7.5
EPSS Score
0.78%
Published
2006-04-27
Updated
2018-10-18
Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files.
Max CVSS
6.4
EPSS Score
1.35%
Published
2006-04-26
Updated
2008-11-03
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
Max CVSS
5.0
EPSS Score
3.27%
Published
2006-04-26
Updated
2018-10-18
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. NOTE: these issues can also be exploited for path disclosure.
Max CVSS
6.4
EPSS Score
0.62%
Published
2006-04-26
Updated
2017-07-20
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.
Max CVSS
5.0
EPSS Score
0.60%
Published
2006-04-26
Updated
2018-10-18
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. NOTE: the behavior for the category, keywords, and ProdID parameters might be resultant from SQL injection.
Max CVSS
5.0
EPSS Score
0.70%
Published
2006-04-26
Updated
2017-07-20
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
Max CVSS
6.4
EPSS Score
0.88%
Published
2006-04-26
Updated
2017-10-11
Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php; and (5) cat parameter in print.php.
Max CVSS
6.4
EPSS Score
0.70%
Published
2006-04-26
Updated
2018-10-18
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
Max CVSS
7.5
EPSS Score
0.44%
Published
2006-04-26
Updated
2017-07-20
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm; and (3) cat parameter in (d) category.cfm.
Max CVSS
7.5
EPSS Score
0.62%
Published
2006-04-26
Updated
2017-07-20
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
Max CVSS
7.5
EPSS Score
0.31%
Published
2006-04-26
Updated
2018-10-18
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
Max CVSS
6.4
EPSS Score
0.46%
Published
2006-04-26
Updated
2018-10-18
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
Max CVSS
6.4
EPSS Score
0.88%
Published
2006-04-26
Updated
2018-10-18
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter. NOTE: the affected version has been disputed by the vendor. It appears that this is the same issue as CVE-2004-0036, which was fixed in 2.3.4.
Max CVSS
7.5
EPSS Score
0.16%
Published
2006-04-25
Updated
2018-10-18
SQL injection vulnerability in page.php in SL_site 1.0 allows remote attackers to execute arbitrary SQL commands via the id_page parameter. NOTE: this issue could be used to produce resultant XSS from an error message.
Max CVSS
7.5
EPSS Score
1.31%
Published
2006-04-25
Updated
2017-07-20
Multiple SQL injection vulnerabilities in check_login.asp in Bloggage allow remote attackers to execute arbitrary SQL commands via the (1) acc_name and (2) password parameter.
Max CVSS
7.5
EPSS Score
0.56%
Published
2006-04-25
Updated
2018-10-18
Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields.
Max CVSS
7.5
EPSS Score
1.06%
Published
2006-04-25
Updated
2018-10-18
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
Max CVSS
7.5
EPSS Score
0.10%
Published
2006-04-21
Updated
2018-10-18
96 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!