Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2004. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2004-2754 | SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 | 1.25% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2751 | SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 | 1.35% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2746 | SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 | 2.96% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2737 | SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | 7.5 | 1.00% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2716 | Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | 7.5 | 1.15% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2695 | SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. | 7.5 | 1.26% | 2004-12-31 | 2026-04-16 |
| CVE-2004-1553 | SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. | 7.5 | 2.38% | 2004-12-31 | 2026-04-16 |
| CVE-2004-1339 | SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters. | 6.5 | 1.48% | 2004-12-23 | 2026-04-16 |
| CVE-2004-0366 | SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements. | 7.5 | 1.47% | 2004-05-04 | 2026-04-16 |
| CVE-2004-1925 | Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-li | 7.5 | 1.21% | 2004-04-12 | 2026-04-16 |