CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2003 (SQL Injection)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-1533 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
2 CVE-2003-1532 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
3 CVE-2003-1530 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
4 CVE-2003-1523 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
5 CVE-2003-1520 89 Exec Code Sql 2003-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
6 CVE-2003-1504 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
7 CVE-2003-1458 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
8 CVE-2003-1435 89 Exec Code Sql 2003-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
9 CVE-2003-1340 89 Exec Code Sql 2003-12-31 2010-06-23
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
10 CVE-2003-1315 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 and earlier allows remote attackers to execute arbitrary SQL commands.
11 CVE-2003-1268 Sql +Info 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) addprod.asp, and (3) process.asp in a.shopKart 2.0.3 allow remote attackers to execute arbitrary SQL and obtain sensitive information via the zip, state, country, phone, and fax parameters.
12 CVE-2003-1244 89 Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
13 CVE-2003-1216 +Priv Sql 2003-11-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
14 CVE-2003-1215 Sql 2003-12-29 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier allows group moderators to perform unauthorized activities via the sql_in parameter.
15 CVE-2003-1210 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 5.x through 6.5 allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to the getit function or the (2) min parameter to the search function.
16 CVE-2003-1196 Exec Code Sql 2003-11-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
17 CVE-2003-1195 Exec Code Sql 2003-11-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 allows remote attackers to execute arbitrary SQL commands via the msn variable.
18 CVE-2003-1193 Exec Code Sql 2003-11-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
19 CVE-2003-1185 Sql 2003-11-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 allow remote attackers to inject arbitrary SQL commands via various vectors including (1) Admin-Center, (2) Announcements, (3) admin/calendar.php, and (4) showevent.php.
20 CVE-2003-1103 Exec Code Sql 2003-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS before 3.9 allows remote attackers to execute arbitrary SQL commands.
21 CVE-2003-0874 Sql 2003-11-17 2008-09-05
5.0
None Remote Low Not required None Partial None
Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier allow remote attackers to insert arbitrary SQL and conduct unauthorized activities via (1) the cat parameter in faq.php, (2) the article parameter in faq.php, (3) the tickedid parameter in view.php, and (4) the Password entry on the logon screen.
22 CVE-2003-0779 Sql 2003-09-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string.
23 CVE-2003-0752 Sql Bypass 2003-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possibly earlier versions, allows remote attackers to bypass authentication via a modified cook_id parameter.
24 CVE-2003-0751 Sql 2003-10-20 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and earlier allows remote attackers to execute arbitrary SQL queries via the email parameter.
25 CVE-2003-0735 Sql 2003-10-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
26 CVE-2003-0657 Sql 2003-08-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the infolog module for phpgroupware 0.9.14 and earlier could allow remote attackers to conduct unauthorized database actions.
27 CVE-2003-0585 Exec Code Sql Bypass 2003-08-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to bypass authentication and execute arbitrary SQL code via the (1) user or (2) pass parameters.
28 CVE-2003-0560 +Priv Sql 2003-08-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in shopexd.asp for VP-ASP allows remote attackers to gain administrator privileges via the id parameter.
29 CVE-2003-0557 Sql +Info 2003-08-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login.asp for StoreFront 6.0, and possibly earlier versions, allows remote attackers to obtain sensitive user information via SQL statements in the password field.
30 CVE-2003-0522 +Priv Sql 2003-08-18 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.
31 CVE-2003-0515 +Priv Sql 2003-08-18 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authentication modules for teapop 0.3.5 and earlier allow attackers to execute arbitrary SQL and possibly gain privileges.
32 CVE-2003-0509 +Priv Sql 2003-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allows remote attackers to steal authentication information and gain privileges via the ProductCode parameter in (1) 10expand.asp, (2) 10browse.asp, and (3) 20review.asp.
33 CVE-2003-0500 +Priv Sql Bypass 2003-08-07 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name.
34 CVE-2003-0486 Sql 2003-08-07 2008-09-05
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
35 CVE-2003-0377 Exec Code Sql 2003-06-16 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
36 CVE-2003-0331 +Priv Sql 2003-06-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page.
37 CVE-2003-0303 Sql 2003-06-09 2008-09-05
5.0
None Remote Low Not required None Partial None
SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter.
38 CVE-2003-0286 89 1 Sql 2003-06-16 2009-07-27
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.asp in Snitz Forums 2000 before 3.4.03, and possibly 3.4.07 and earlier, allows remote attackers to execute arbitrary stored procedures via the Email variable.
39 CVE-2003-0279 Sql 2003-06-16 2008-09-05
2.6
None Remote High Not required Partial None None
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allow remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
40 CVE-2003-0215 Sql Bypass 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allows remote attackers to bypass authentication via the (1) username and (2) password fields, and possibly other fields.
41 CVE-2003-0118 Exec Code Sql 2003-05-12 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
42 CVE-2003-0040 Exec Code Sql 2003-02-19 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
43 CVE-2003-0025 +Priv Sql 2003-01-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow remote attackers to perform unauthorized database activities and possibly gain privileges via certain database functions such as check_prefs() in db.pgsql, as demonstrated using mailbox.php3.
44 CVE-2002-1505 +Priv Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
45 CVE-2002-1499 Sql 2003-04-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in FactoSystem CMS allow remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.
46 CVE-2002-1482 +Priv Sql 2003-04-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.php for phpGB 1.20 and earlier, when magic_quotes_gpc is not enabled, allows remote attackers to gain administrative privileges via SQL code in the password entry.
47 CVE-2002-1465 Exec Code Sql 2003-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote attackers to execute arbitrary SQL code via the tablehosts variable.
48 CVE-2002-1457 Sql 2003-06-09 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
49 CVE-2002-1421 Sql 2003-04-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
Total number of vulnerabilities: 49