CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2011(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2011-0407 89 Exec Code Sql 2011-01-10 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the store function in _phenotype/system/class/PhenoTypeDataObject.class.php in Phenotype CMS 3.0 allows remote attackers to execute arbitrary SQL commands via a crafted URI, as demonstrated by Gallery/gal_id/1/image1,1.html. NOTE: some of these details are obtained from third party information.
102 CVE-2010-5062 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php in MH Products kleinanzeigenmarkt allows remote attackers to execute arbitrary SQL commands via the c parameter.
103 CVE-2010-5061 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in RSStatic allows remote attackers to execute arbitrary SQL commands via the maxarticles parameter.
104 CVE-2010-5060 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
105 CVE-2010-5059 89 2 Exec Code Sql 2011-11-22 2012-01-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CMScout 2.0.8 allows remote attackers to execute arbitrary SQL commands via the album parameter in a photos action.
106 CVE-2010-5058 89 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the res_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
107 CVE-2010-5057 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.
108 CVE-2010-5056 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the GBU Facebook (com_gbufacebook) component 1.0.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the face_id parameter in a show_face action to index.php.
109 CVE-2010-5055 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Almnzm 2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
110 CVE-2010-5053 89 2 Exec Code Sql 2011-11-22 2011-11-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a prod_desc action to index.php.
111 CVE-2010-5049 89 1 Exec Code Sql 2011-11-22 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the nav_time parameter.
112 CVE-2010-5047 89 2 Exec Code Sql 2011-11-22 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in page.php in V-EVA Press Release Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
113 CVE-2010-5044 89 1 Exec Code Sql 2011-11-02 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in models/log.php in the Search Log (com_searchlog) component 3.1.0 for Joomla! allows remote authenticated users, with Public Back-end privileges, to execute arbitrary SQL commands via the search parameter in a log action to administrator/index.php. NOTE: some of these details are obtained from third party information.
114 CVE-2010-5043 89 1 Exec Code Sql 2011-11-02 2017-08-28
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) component 0.9.1 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the cid[] parameter in an editItem action to administrator/index.php.
115 CVE-2010-5041 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 for Nucleus allows remote attackers to execute arbitrary SQL commands via the id parameter in a plugin action.
116 CVE-2010-5039 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in control/admin_login.php in ScriptsFeed Recipes Listing Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter (aka the UserName field). NOTE: some of these details are obtained from third party information.
117 CVE-2010-5037 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in article.php in SenseSites CommonSense CMS allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
118 CVE-2010-5036 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter.
119 CVE-2010-5034 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in viewhistorydetail.php in iScripts EasyBiller 1.1 allows remote attackers to execute arbitrary SQL commands via the planid parameter.
120 CVE-2010-5033 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows remote attackers to execute arbitrary SQL commands via the CatDisplay parameter.
121 CVE-2010-5032 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component before 1.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a bfquiztrial action to index.php.
122 CVE-2010-5029 89 1 Exec Code Sql 2011-11-02 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.
123 CVE-2010-5028 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.
124 CVE-2010-5026 89 2 Exec Code Sql 2011-11-02 2017-08-28
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the type parameter. NOTE: some of these details are obtained from third party information.
125 CVE-2010-5024 89 1 Exec Code Sql 2011-11-02 2018-10-10
6.0
None Remote Medium Single system Partial Partial Partial
SQL injection vulnerability in manage/add_user.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote authenticated users, with Read privileges, to execute arbitrary SQL commands via the user_id parameter. NOTE: some of these details are obtained from third party information.
126 CVE-2010-5023 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.asp in Digital Interchange Calendar 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intDivisionID parameter.
127 CVE-2010-5022 89 1 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JExtensions JE Story Submit (com_jesubmit) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the view parameter to index.php.
128 CVE-2010-5021 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_group.asp in Digital Interchange Document Library 5.8.5 allows remote attackers to execute arbitrary SQL commands via the intGroupID parameter.
129 CVE-2010-5020 89 1 Exec Code Sql 2011-11-02 2013-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
130 CVE-2010-5019 89 2 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
131 CVE-2010-5017 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 allows remote attackers to execute arbitrary SQL commands via the account parameter.
132 CVE-2010-5016 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the match parameter.
133 CVE-2010-5015 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view_photo.php in 2daybiz Network Community Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.
134 CVE-2010-5014 89 1 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in standings.php in Elite Gaming Ladders 3.5 allows remote attackers to execute arbitrary SQL commands via the ladder[id] parameter.
135 CVE-2010-5013 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in listing_detail.asp in Mckenzie Creations Virtual Real Estate Manager (VRM) 3.5 allows remote attackers to execute arbitrary SQL commands via the Lid parameter.
136 CVE-2010-5012 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
137 CVE-2010-5011 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to execute arbitrary SQL commands via the session parameter.
138 CVE-2010-5009 89 2 Exec Code Sql 2011-11-02 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in UTStats Beta 4 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter in a matchp action.
139 CVE-2010-5008 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pages/contact_list_mail_form.asp in BrightSuite Groupware 5.4 allows remote attackers to execute arbitrary SQL commands via the ContactID parameter.
140 CVE-2010-5006 89 1 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in googlemap/index.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the cat1 parameter.
141 CVE-2010-5004 89 1 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
142 CVE-2010-5003 89 2 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AutarTimonial (com_autartimonial) component 1.0.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the limit parameter in an autartimonial action to index.php. NOTE: some of these details are obtained from third party information.
143 CVE-2010-5001 89 1 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
144 CVE-2010-5000 89 2 Exec Code Sql 2011-11-02 2012-02-13
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in login/login_index.php in MCLogin System 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the myusername parameter (aka Username field) in a do_login action. NOTE: some of these details are obtained from third party information.
145 CVE-2010-4999 89 1 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in esoftpro Online Photo Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the section parameter.
146 CVE-2010-4997 89 1 Exec Code Sql 2011-11-02 2011-11-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 allows remote attackers to execute arbitrary SQL commands via the id parameter in a product action.
147 CVE-2010-4996 89 1 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in ogp_show.php in esoftpro Online Guestbook Pro 5.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
148 CVE-2010-4995 89 2 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the NeoRecruit (com_neorecruit) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in an offer_view action to index.php, a different vector than CVE-2007-4506.
149 CVE-2010-4994 89 2 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Jobs Pro component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the detailed_results parameter to search_jobs.html.
150 CVE-2010-4993 89 2 Exec Code Sql 2011-11-01 2017-08-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the eventcal (com_eventcal) component 1.6.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Total number of vulnerabilities : 294   Page : 1 2 3 (This Page)4 5 6
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.