CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2007 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 | CVE-2007-6602 | 89 | 1 | Exec Code Sql | 2007-12-31 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script.
2 | CVE-2007-6587 | 89 | | Exec Code Sql | 2007-12-28 | 2012-10-22 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
3 | CVE-2007-6586 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php.
4 | CVE-2007-6583 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
5 | CVE-2007-6580 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.
6 | CVE-2007-6579 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4.
7 | CVE-2007-6578 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
8 | CVE-2007-6577 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
9 | CVE-2007-6576 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
10 | CVE-2007-6575 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
11 | CVE-2007-6566 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php.
12 | CVE-2007-6565 | 89 | 1 | Exec Code Sql | 2007-12-28 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to an arbitrary component.
13 | CVE-2007-6559 | 89 | | Exec Code Sql | 2007-12-27 | 2009-04-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
14 | CVE-2007-6557 | 89 | 1 | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
15 | CVE-2007-6556 | 89 | 1 | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
16 | CVE-2007-6551 | 89 | 1 | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
17 | CVE-2007-6544 | 89 | 2 | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
18 | CVE-2007-6543 | 89 | 1 | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
19 | CVE-2007-6540 | 89 | | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/.
20 | CVE-2007-6538 | 89 | | Exec Code Sql | 2007-12-27 | 2008-11-15 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
21 | CVE-2007-6518 | 89 | | Exec Code Sql | 2007-12-24 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters.
22 | CVE-2007-6517 | 89 | | Exec Code Sql | 2007-12-24 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
23 | CVE-2007-6498 | 89 | 1 | Exec Code Sql | 2007-12-20 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
24 | CVE-2007-6491 | 89 | | Exec Code Sql | 2007-12-20 | 2008-11-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
25 | CVE-2007-6484 | 89 | | Exec Code Sql | 2007-12-20 | 2008-09-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 | CVE-2007-6472 | 89 | 1 | Exec Code Sql | 2007-12-20 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
27 | CVE-2007-6469 | 89 | | Exec Code Sql | 2007-12-19 | 2008-09-05 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
28 | CVE-2007-6467 | 89 | | Exec Code Sql | 2007-12-19 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
29 | CVE-2007-6466 | 89 | 2 | Exec Code Sql | 2007-12-19 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the prod parameter in a details action, (2) the cat parameter in a browse list action, or (3) the group parameter in a categories action. NOTE: it was later reported that MOG - Web Shop (MOG-WebShop), a product based on the same code, is also affected.
30 | CVE-2007-6462 | 89 | 1 | Exec Code Sql | 2007-12-19 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
31 | CVE-2007-6458 | 89 | 1 | Exec Code Sql | 2007-12-19 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.
32 | CVE-2007-6394 | 89 | 1 | Exec Code Sql | 2007-12-17 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action.
33 | CVE-2007-6393 | 89 | 1 | Exec Code Sql | 2007-12-17 | 2008-09-05 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode.
34 | CVE-2007-6392 | 89 | 1 | Exec Code Sql | 2007-12-17 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
35 | CVE-2007-6391 | 89 | 1 | Exec Code Sql | 2007-12-17 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
36 | CVE-2007-6381 | 89 | | Exec Code Sql | 2007-12-14 | 2008-11-15 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
37 | CVE-2007-6380 | 89 | | Exec Code Sql | 2007-12-14 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266.
38 | CVE-2007-6375 | 89 | | Exec Code Sql | 2007-12-14 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
39 | CVE-2007-6373 | 89 | | Exec Code Sql | 2007-12-14 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.
40 | CVE-2007-6366 | 89 | 1 | Exec Code Sql | 2007-12-14 | 2009-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.
41 | CVE-2007-6362 | 89 | 1 | Exec Code Sql | 2007-12-14 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.
42 | CVE-2007-6345 | 89 | | Exec Code Sql | 2007-12-13 | 2008-11-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
43 | CVE-2007-6342 | 89 | | Exec Code Sql | 2007-12-13 | 2009-04-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
44 | CVE-2007-6338 | 89 | | Exec Code Sql | 2007-12-14 | 2014-03-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.
45 | CVE-2007-6318 | 89 | | Exec Code Sql | 2007-12-11 | 2008-09-05 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
46 | CVE-2007-6311 | 89 | 1 | Exec Code Sql | 2007-12-11 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
47 | CVE-2007-6299 | 20 | | Exec Code Sql | 2007-12-10 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
48 | CVE-2007-6292 | 89 | 1 | Exec Code Sql | 2007-12-10 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
49 | CVE-2007-6291 | 89 | | Exec Code Sql | 2007-12-10 | 2008-09-05 | 7.5 | User | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
50 | CVE-2007-6288 | 89 | | Exec Code Sql | 2007-12-10 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Total number of vulnerabilities: 706 (page 1 of 15)