Security Vulnerabilities, CVEs, Published In 2001 (Sql injection) CVSS score >= 6
SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.
Max CVSS
7.5
EPSS Score
0.38%
Published
2001-12-31
Updated
2017-12-19
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
Max CVSS
7.5
EPSS Score
0.28%
Published
2001-10-13
Updated
2017-07-11
Bugzilla before 2.14 does not properly escape untrusted parameters, which could allow remote attackers to conduct unauthorized activities via cross-site scripting (CSS) and possibly SQL injection attacks on (1) the product or output form variables for reports.cgi, (2) the voteon, bug_id, and user variables for showvotes.cgi, (3) an invalid email address in createaccount.cgi, (4) an invalid ID in showdependencytree.cgi, (5) invalid usernames and other fields in process_bug.cgi, and (6) error messages in buglist.cgi.
Max CVSS
7.5
EPSS Score
0.48%
Published
2001-09-10
Updated
2016-10-18
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
Max CVSS
7.5
EPSS Score
0.35%
Published
2001-08-29
Updated
2017-07-11
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
Max CVSS
7.5
EPSS Score
0.22%
Published
2001-05-28
Updated
2008-09-05
5 vulnerabilities found