Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 and 1.01 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php, a variant of a SQL injection issue that was fixed in 1.01. NOTE: some of these details are obtained from third party information.
Max CVSS
6.4
EPSS Score
0.25%
Published
2007-02-27
Updated
2011-03-08
Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information.
Max CVSS
6.4
EPSS Score
0.51%
Published
2007-02-27
Updated
2017-07-29
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
Max CVSS
7.5
EPSS Score
90.33%
Published
2007-02-26
Updated
2018-10-16
SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2007-02-22
Updated
2008-11-15
SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke 8.0 Final and earlier, when the "HTTP Referers" block is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header (HTTP_REFERER variable).
Max CVSS
6.8
EPSS Score
91.69%
Published
2007-02-22
Updated
2018-10-16
SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.
Max CVSS
7.5
EPSS Score
6.64%
Published
2007-02-21
Updated
2017-10-19
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
Max CVSS
7.5
EPSS Score
0.27%
Published
2007-02-21
Updated
2018-10-19
SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
86.55%
Published
2007-02-21
Updated
2018-10-16
SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.17%
Published
2007-02-21
Updated
2017-10-11
SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.35%
Published
2007-02-21
Updated
2017-07-29
SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.
Max CVSS
10.0
EPSS Score
0.40%
Published
2007-02-21
Updated
2017-10-11
SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388.
Max CVSS
6.8
EPSS Score
1.05%
Published
2007-02-21
Updated
2017-10-11
SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the combination of the HaberDetay.asp component and the id parameter is already covered by another February 2007 CVE candidate.
Max CVSS
7.5
EPSS Score
0.19%
Published
2007-02-21
Updated
2011-03-08
SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
10.0
EPSS Score
0.30%
Published
2007-02-21
Updated
2017-10-11
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2007-02-16
Updated
2017-10-11
SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp.
Max CVSS
7.5
EPSS Score
0.34%
Published
2007-02-16
Updated
2017-10-11
Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.
Max CVSS
7.5
EPSS Score
0.97%
Published
2007-02-16
Updated
2018-10-16
Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input.
Max CVSS
7.5
EPSS Score
0.85%
Published
2007-02-16
Updated
2018-10-16
SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting Site allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Max CVSS
7.5
EPSS Score
0.40%
Published
2007-02-15
Updated
2018-10-16
SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
Max CVSS
7.5
EPSS Score
0.40%
Published
2007-02-14
Updated
2017-10-19
SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter to index.php.
Max CVSS
7.5
EPSS Score
0.41%
Published
2007-02-13
Updated
2017-10-19
SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database
Max CVSS
7.5
EPSS Score
0.42%
Published
2007-02-12
Updated
2024-03-21
SQL injection vulnerability in comments.php in LushiNews 1.01 and earlier allows remote authenticated users to inject arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
14.23%
Published
2007-02-09
Updated
2017-10-19
SQL injection vulnerability in register.php in LushiWarPlaner 1.0 allows remote attackers to inject arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.82%
Published
2007-02-09
Updated
2017-10-19
SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.31%
Published
2007-02-08
Updated
2017-07-29
49 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!