CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In November 2011 (SQL Injection)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2011-4646 94 Exec Code Sql 2011-11-30 2011-12-01
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in wp-postratings.php in the WP-PostRatings plugin 1.50, 1.61, and probably other versions before 1.62 for WordPress allows remote authenticated users with the Author role to execute arbitrary SQL commands via the id attribute of the ratings shortcode when creating a post. NOTE: some of these details are obtained from third party information.
2 CVE-2011-4571 89 1 Exec Code Sql 2011-11-29 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Estate Agent (com_estateagent) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showEO action to index.php.
3 CVE-2011-4570 89 1 Exec Code Sql 2011-11-29 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Time Returns (com_timereturns) component 2.0 and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a timereturns action to index.php.
4 CVE-2011-4569 89 1 Exec Code Sql 2011-11-29 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in userbarsettings.php in the Userbar plugin 2.2 for MyBB Forum allows remote attackers to execute arbitrary SQL commands via the image2 parameter.
5 CVE-2011-4559 89 Exec Code Sql 2011-11-28 2018-10-09
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
6 CVE-2011-4542 89 Exec Code Sql 2011-11-29 2018-01-05
7.5
None Remote Low Not required Partial Partial Partial
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
7 CVE-2011-4215 89 Exec Code Sql 2011-11-01 2011-11-02
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action & Information Management System (AIMS) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the cookieName variable.
8 CVE-2011-4066 89 1 Exec Code Sql 2011-11-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.
9 CVE-2011-3989 89 Exec Code Sql 2011-11-04 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
10 CVE-2011-1915 89 Exec Code Sql 2011-11-01 2012-02-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution Management Solution 7.3.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
11 CVE-2011-1513 78 Sql 2011-11-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
12 CVE-2010-5062 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.
13 CVE-2010-5061 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter.
14 CVE-2010-5060 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
15 CVE-2010-5059 89 2 Exec Code Sql 2011-11-22 2012-01-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
16 CVE-2010-5058 89 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
17 CVE-2010-5057 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
18 CVE-2010-5056 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
19 CVE-2010-5055 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
20 CVE-2010-5053 89 2 Exec Code Sql 2011-11-22 2011-11-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
21 CVE-2010-5049 89 1 Exec Code Sql 2011-11-22 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
22 CVE-2010-5047 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
23 CVE-2010-5044 89 1 Exec Code Sql 2011-11-02 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
24 CVE-2010-5043 89 1 Exec Code Sql 2011-11-02 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
25 CVE-2010-5041 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
26 CVE-2010-5039 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName field). NOTE: some of these details are obtained from third party information.
27 CVE-2010-5037 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
28 CVE-2010-5036 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
29 CVE-2010-5034 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
30 CVE-2010-5033 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
31 CVE-2010-5032 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
32 CVE-2010-5029 89 1 Exec Code Sql 2011-11-02 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
33 CVE-2010-5028 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
34 CVE-2010-5026 89 2 Exec Code Sql 2011-11-02 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
35 CVE-2010-5024 89 1 Exec Code Sql 2011-11-02 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
36 CVE-2010-5023 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
37 CVE-2010-5022 89 1 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
38 CVE-2010-5021 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
39 CVE-2010-5020 89 1 Exec Code Sql 2011-11-02 2013-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
40 CVE-2010-5019 89 2 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
41 CVE-2010-5017 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
42 CVE-2010-5016 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.
43 CVE-2010-5015 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
44 CVE-2010-5014 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.
45 CVE-2010-5013 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.
46 CVE-2010-5012 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
47 CVE-2010-5011 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
48 CVE-2010-5009 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
49 CVE-2010-5008 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
50 CVE-2010-5006 89 1 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter.
Total number of vulnerabilities: 79   Page: 1 (This Page) 2