Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CVEs (19,368)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-2746 1Pensacola Web Designs 1Xtremeasp Photogallery Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2004-2737 1Netsupport 1Dna Helpdesk Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
CVE-2004-2716 1Php Heaven 1Phpmychat Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R paramet...Show more Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.Show less
CVE-2004-2695 2Jelsoft Point To Point Protocol Project 2Point To Point Protocol Vbulletin Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parame...Show more SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.Show less
CVE-2004-1553 1Fullrevolution 1Aspwebalbum Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that...Show more SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.Show less
CVE-2004-1339 1Oracle 2Database Server Oracle9i Apr 16, 2026 Dec 23, 2004 N/A· v4 N/A· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new...Show more SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.Show less
CVE-2004-0366 1Pam Pgsql 1Pam Pgsql Apr 16, 2026 May 4, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2004-1925 1Tiki 1Tikiwiki Cms/groupware Apr 16, 2026 Apr 12, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_...Show more Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.Show less
CVE-2003-1533 1Phppass 1Phppass Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
CVE-2003-1532 1Julien Desaunay 1Phpmyshop Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
CVE-2003-1530 1Phpbb 1Phpbb Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2003-1523 1Dbmail 1Dbmail Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
CVE-2003-1520 1Fuzzymonkey 1Myclassifieds Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2003-1504 1Goldscripts 1Goldlink Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
CVE-2003-1458 1Ttcms 2Ttcms Ttforum Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
CVE-2003-1435 1Francisco Burzi 1Php Nuke Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote attackers to execute arbitrary SQL commands via the days parameter to the search module.
CVE-2003-1340 1Phpnuke 1Php Nuke Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 6.5 MEDIUM· v2 Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to...Show more Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.Show less
CVE-2003-1244 1Phpbb Group 1Phpbb Apr 16, 2026 Dec 31, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
CVE-2003-0845 1Jboss 1Jboss Apr 16, 2026 Nov 17, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute a...Show more Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.Show less
CVE-2003-0377 1Iisprotect 1Iisprotect Apr 16, 2026 Jun 16, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demon...Show more SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.Show less

Previous 1...965 966 967968969 Next