CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2010(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-2098 Sql 2010-05-27 2012-12-12
7.5
None Remote Low Not required Partial Partial Partial
Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 and earlier allows remote attackers to conduct SQL injection attacks via the loginname parameter.
2 CVE-2010-2095 89 Exec Code Sql 2010-05-27 2010-05-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
3 CVE-2010-2092 89 Exec Code Sql Bypass 2010-05-27 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via a crafted rra_id parameter in a GET request in conjunction with a valid rra_id value in a POST request or a cookie, which causes the POST or cookie value to bypass the validation routine, but inserts the $_GET value into the resulting query.
4 CVE-2010-2051 89 2 Exec Code Sql 2010-05-25 2010-05-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in Debliteck DBCart allows remote attackers to execute arbitrary SQL commands via the id parameter.
5 CVE-2010-2047 89 1 Exec Code Sql 2010-05-25 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewcategory action. NOTE: some of these details are obtained from third party information.
6 CVE-2010-2044 89 2 Exec Code Sql 2010-05-25 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Konsultasi (com_konsultasi) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in a detail action to index.php.
7 CVE-2010-2042 89 2 Exec Code Sql 2010-05-25 2010-05-26
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in ECShop 2.7.2 allows remote attackers to execute arbitrary SQL commands via the encode parameter. NOTE: some of these details are obtained from third party information.
8 CVE-2010-2019 89 Exec Code Sql 2010-05-24 2010-05-24
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the file parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9 CVE-2010-2016 89 2 Exec Code Sql 2010-05-24 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in details.php in Iceberg CMS allows remote attackers to execute arbitrary SQL commands via the p_id parameter.
10 CVE-2010-2015 89 Exec Code Sql 2010-05-24 2010-05-24
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a view_inbox action to cp/cp_messages.php or (2) the id parameter to cp/edit_email.php.
11 CVE-2010-2012 89 1 Exec Code Sql 2010-05-24 2010-05-24
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.
12 CVE-2010-1994 89 Exec Code Sql 2010-05-20 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO.
13 CVE-2010-1950 89 Exec Code Sql 2010-05-19 2010-05-19
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the date_info parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14 CVE-2010-1949 89 1 Exec Code Sql 2010-05-19 2010-05-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Online News Paper Manager (com_jnewspaper) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php. NOTE: some of these details are obtained from third party information.
15 CVE-2010-1925 89 2 Exec Code Sql 2010-05-12 2010-05-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-2817.
16 CVE-2010-1924 89 1 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.
17 CVE-2010-1923 89 1 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 Social Network Freunde Community System allows remote attackers to execute arbitrary SQL commands via the id parameter in a showgallery action.
18 CVE-2010-1918 89 1 Exec Code Sql 2010-05-12 2010-05-12
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.
19 CVE-2010-1877 89 2 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JTM Reseller (com_jtm) component 1.9 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter in a search action to index.php.
20 CVE-2010-1876 89 2 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.
21 CVE-2010-1874 89 1 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
22 CVE-2010-1873 89 2 Exec Code Sql 2010-05-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. NOTE: some of these details are obtained from third party information.
23 CVE-2010-1867 89 Exec Code Sql 2010-05-07 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the ArticleAttachment::GetAttachmentsByArticleNumber method in javascript/tinymcs/plugins/campsiteattachment/attachments.php in Campsite 3.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
24 CVE-2010-1865 89 Exec Code Sql 2010-05-07 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the IP address to the cs_getip function in generate.php in the Captcha module, or (2) the s_email parameter to the cs_sql_select function in the MySQL database driver (mysql.php).
25 CVE-2010-1863 89 Exec Code Sql 2010-05-07 2010-05-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the shoutbox module (modules/shoutbox.php) in ClanTiger 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the s_email parameter.
26 CVE-2010-1859 89 Exec Code Sql 2010-05-07 2010-05-10
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the membercookie cookie when adding a new thread.
27 CVE-2010-1857 89 Exec Code Sql 2010-05-07 2010-06-13
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prod parameter in a products.details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
28 CVE-2010-1855 89 2 Exec Code Sql 2010-05-07 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.
29 CVE-2010-1745 89 Exec Code Sql 2010-05-06 2010-05-21
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in javascript/tinymce/plugins/campsiteattachment/attachments.php in Campsite 3.2 through 3.3.5 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
30 CVE-2010-1744 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in product.html in B2B Gold Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
31 CVE-2010-1743 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter.
32 CVE-2010-1741 89 1 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in request_account.php in Billwerx RC 5.2.2 PL2 allows remote attackers to execute arbitrary SQL commands via the primary_number parameter.
33 CVE-2010-1740 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows remote attackers to execute arbitrary SQL commands via the lng parameter.
34 CVE-2010-1739 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the feedid parameter in a categories action to index.php.
35 CVE-2010-1733 89 Exec Code Sql 2010-05-06 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in OCS Inventory NG before 1.02.3 allow remote attackers to execute arbitrary SQL commands via (1) multiple inventory fields to the search form, reachable through index.php; or (2) the "Software name" field to the "All softwares" search form, reachable through index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
36 CVE-2010-1727 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in type.asp in JobPost 1.0 allows remote attackers to execute arbitrary SQL commands via the iType parameter. NOTE: some of these details are obtained from third party information.
37 CVE-2010-1726 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
38 CVE-2010-1725 89 2 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in offers_buy.php in Alibaba Clone Platinum allows remote attackers to execute arbitrary SQL commands via the id parameter.
39 CVE-2010-1721 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
40 CVE-2010-1720 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
41 CVE-2010-1716 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
42 CVE-2010-1713 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
43 CVE-2010-1708 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
44 CVE-2010-1706 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
45 CVE-2010-1705 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
46 CVE-2010-1704 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
47 CVE-2010-1702 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
48 CVE-2010-1701 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.
49 CVE-2010-1661 89 2 Exec Code Sql 2010-05-03 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
50 CVE-2010-1660 89 2 Exec Code Sql 2010-05-03 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
Total number of vulnerabilities : 63   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.