CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(SQL Injection)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2010-1721 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Intellectual Property (aka IProperty or com_iproperty) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an agentproperties action to index.php.
202 CVE-2010-1720 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the katid parameter in a qpListele action to index.php.
203 CVE-2010-1716 89 1 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Agenda Address Book (com_agenda) component 1.0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
204 CVE-2010-1713 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in modules.php in PostNuke 0.764 allows remote attackers to execute arbitrary SQL commands via the sid parameter in a News article modload action.
205 CVE-2010-1708 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in agentadmin.php in Free Realty allow remote attackers to execute arbitrary SQL commands via the (1) login field (aka agentname parameter) or (2) password field (aka agentpassword parameter).
206 CVE-2010-1706 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction Script allow remote attackers to execute arbitrary SQL commands via (1) the login field (aka the username parameter), and possibly (2) the password field, to index.php. NOTE: some of these details are obtained from third party information.
207 CVE-2010-1705 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in casting_view.php in Modelbook allows remote attackers to execute arbitrary SQL commands via the adnum parameter.
208 CVE-2010-1704 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to execute arbitrary SQL commands via (1) the password field to login.php, (2) the login field (aka email parameter) to login.php, (3) the password field (aka pass parameter) to the default URI under admin/, and possibly (4) the login field to the default URI under admin/. NOTE: some of these details are obtained from third party information.
209 CVE-2010-1702 89 2 Exec Code Sql 2010-05-04 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in submitticket.php in WHMCompleteSolution (WHMCS) 4.2 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
210 CVE-2010-1701 89 1 Exec Code Sql 2010-05-04 2010-05-04
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in browse.html in PHP Video Battle Script allows remote attackers to execute arbitrary SQL commands via the cat parameter.
211 CVE-2010-1669 89 Exec Code Sql 2010-07-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
212 CVE-2010-1661 89 2 Exec Code Sql 2010-05-03 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) 3.0.21 allow remote attackers to execute arbitrary SQL commands via the (1) phpqa_user_c parameter to Arcade.php and the (2) id parameter to acpmoderate.php.
213 CVE-2010-1660 89 2 Exec Code Sql 2010-05-03 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in help-details.php in CLScript Classifieds Script allows remote attackers to execute arbitrary SQL commands via the hpId parameter.
214 CVE-2010-1656 89 1 Exec Code Sql 2010-05-03 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Airiny ABC (com_abc) component 1.1.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the sectionid parameter in an abc action to index.php.
215 CVE-2010-1654 89 2 Exec Code Sql 2010-05-03 2010-05-03
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in system_member_login.php in Infocus Real Estate Enterprise Edition allow remote attackers to execute arbitrary SQL commands via the (1) username (aka login) and (2) password parameters. NOTE: some of these details are obtained from third party information.
216 CVE-2010-1615 89 Exec Code Sql 2010-04-29 2010-05-22
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php.
217 CVE-2010-1605 89 Exec Code Sql 2010-04-29 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) anyword and (2) cityname parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
218 CVE-2010-1604 89 2 Exec Code Sql 2010-04-29 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs Portal Script allow remote attackers to execute arbitrary SQL commands via the (1) user parameter (aka login field) and (2) passwd parameter (aka password field). NOTE: some of these details are obtained from third party information.
219 CVE-2010-1600 89 2 Exec Code Sql 2010-04-29 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
220 CVE-2010-1599 89 2 Exec Code Sql 2010-04-29 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and 5.2.2.0 allows remote attackers to execute arbitrary SQL commands via the id_sp parameter.
221 CVE-2010-1595 89 1 Exec Code Sql 2010-04-28 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to execute arbitrary SQL commands via the (1) c, (2) val_1, or (3) onglet_bis parameter.
222 CVE-2010-1588 89 Exec Code Sql 2010-04-28 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Getwebsess function in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via the websess parameter.
223 CVE-2010-1583 89 1 Exec Code Sql 2010-05-06 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.
224 CVE-2010-1559 89 Exec Code Sql 2010-04-27 2010-04-28
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a speakerpopup action to index.php. NOTE: some of these details are obtained from third party information.
225 CVE-2010-1538 89 2 Exec Code Sql 2010-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in print_raincheck.php in phpRAINCHECK 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
226 CVE-2010-1529 89 2 Exec Code Sql 2010-04-26 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) component, possibly 1.3, for Joomla! allows remote attackers to execute arbitrary SQL commands via the faqid parameter in an faq action to index.php.
227 CVE-2010-1522 89 Exec Code Sql 2010-07-02 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php, or (5) the searchtext parameter in a search action to index.php.
228 CVE-2010-1521 89 Exec Code Sql 2010-06-30 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in include/classes/tzn_user.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to execute arbitrary SQL commands via the password parameter to login.php.
229 CVE-2010-1499 89 2 Exec Code Sql 2010-04-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in genre_artists.php in MusicBox 3.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
230 CVE-2010-1498 89 2 Exec Code Sql 2010-04-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) download.php and (2) view_file.php.
231 CVE-2010-1496 89 2 Exec Code Sql 2010-04-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JoltCard (com_joltcard) component 1.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cardID parameter in a view action to index.php.
232 CVE-2010-1493 89 2 Exec Code Sql 2010-04-23 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the AWDwall (com_awdwall) component before 1.5.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cbuser parameter in an awdwall action to index.php.
233 CVE-2010-1480 89 Exec Code Sql 2010-04-19 2010-06-08
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the module parameter to index.php. NOTE: some of these details are obtained from third party information.
234 CVE-2010-1479 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the RokModule (com_rokmodule) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter in a raw action to index.php.
235 CVE-2010-1477 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) component before 3.2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a latest_sermons action to index.php.
236 CVE-2010-1468 89 2 Exec Code Sql 2010-04-19 2010-06-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager (aka MVRMM or com_mv_restaurantmenumanager) component 1.5.2 Stable Update 3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the mid parameter in a menu_display action to index.php.
237 CVE-2010-1463 89 Exec Code Sql 2010-04-16 2018-10-10
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE allow attackers to execute arbitrary SQL commands via the (1) add2cart, (2) c_id, (3) categoryID, (4) list_price, (5) name, (6) new_offer, (7) price, (8) product_code, (9) productID, (10) rating, and (11) save_product parameters.
238 CVE-2010-1431 89 Exec Code Sql 2010-05-04 2012-02-15
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in templates_export.php in Cacti 0.8.7e and earlier allows remote attackers to execute arbitrary SQL commands via the export_item_id parameter.
239 CVE-2010-1426 89 Exec Code Sql 2010-04-15 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MODx Evolution before 1.0.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors related to WebLogin.
240 CVE-2010-1372 89 1 Exec Code Sql 2010-04-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) component 1.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
241 CVE-2010-1370 89 1 Exec Code Sql 2010-04-13 2010-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in detailad.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
242 CVE-2010-1369 89 2 Exec Code Sql 2010-04-13 2010-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to execute arbitrary SQL commands via the email parameter.
243 CVE-2010-1368 89 2 Exec Code Sql 2010-04-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action.
244 CVE-2010-1366 89 2 Exec Code Sql 2010-04-13 2010-04-14
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in admin/admin_login.php in Uiga Fan Club 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin_name and (2) admin_password parameters.
245 CVE-2010-1365 89 2 Exec Code Sql 2010-04-13 2010-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
246 CVE-2010-1364 89 2 Exec Code Sql 2010-04-13 2010-04-14
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Uiga Personal Portal, as downloaded on 20100301, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. NOTE: some of these details are obtained from third party information.
247 CVE-2010-1363 89 2 Exec Code Sql 2010-04-13 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JProjects (com_j-projects) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the project parameter in a projects action to index.php.
248 CVE-2010-1359 89 Exec Code Sql 2010-04-13 2010-04-14
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
249 CVE-2010-1350 89 2 Exec Code Sql 2010-04-12 2017-08-16
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the JP Jobs (com_jp_jobs) component 1.4.1 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
250 CVE-2010-1346 89 2 Exec Code Sql 2010-04-09 2017-08-16
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 520   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.