Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.
Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.
You're viewing SQL Injection CVEs published in 2005. View full CVE list
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2005-4073 | SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | 7.5 | 1.09% | 2005-12-07 | 2026-06-16 |
| CVE-2005-4071 | Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | 7.5 | 1.26% | 2005-12-07 | 2026-06-16 |
| CVE-2005-4058 | SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. | 7.5 | 1.24% | 2005-12-07 | 2026-06-16 |
| CVE-2005-4040 | SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | 7.5 | 1.38% | 2005-12-06 | 2026-06-16 |
| CVE-2005-4027 | SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | 7.5 | 1.20% | 2005-12-05 | 2026-06-16 |
| CVE-2005-4011 | SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 2.37% | 2005-12-05 | 2026-06-16 |
| CVE-2005-3996 | SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. | 5.1 | 1.93% | 2005-12-04 | 2026-06-16 |
| CVE-2005-3984 | SQL injection vulnerability in WebCalendar 1.0.1 allows remote attackers to execute arbitrary SQL commands via the time_range parameter to edit_report_handler.php. NOTE: the startid/activity_log.php vector is already covered by CVE-2005-3949. | 7.5 | 1.27% | 2005-12-04 | 2026-06-16 |
| CVE-2005-3952 | SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0. | 7.5 | 2.52% | 2005-12-01 | 2026-06-16 |
| CVE-2005-3881 | SQL injection vulnerability in search.php in AtlantisFAQ Knowledge Base Software 2.03 and earlier allows remote attackers to execute arbitrary SQL commands via the searchStr parameter. | 7.5 | 1.21% | 2005-11-29 | 2026-06-16 |
| CVE-2005-3877 | Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php. | 7.5 | 1.22% | 2005-11-29 | 2026-06-16 |
| CVE-2005-3845 | SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email [email protected] and EZI will email you the patch to fix this small issue." | 7.5 | 1.09% | 2005-11-26 | 2026-06-16 |
| CVE-2005-3840 | SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240. | 7.5 | 1.21% | 2005-11-26 | 2026-06-16 |
| CVE-2005-3817 | Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module. | 7.5 | 4.09% | 2005-11-25 | 2026-06-16 |
| CVE-2005-3748 | SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | 7.5 | 1.20% | 2005-11-22 | 2026-06-16 |
| CVE-2005-3744 | SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php. | 7.5 | 1.21% | 2005-11-22 | 2026-06-16 |
| CVE-2005-3686 | SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php. | 7.5 | 1.29% | 2005-11-18 | 2026-06-16 |
| CVE-2005-3646 | Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php. | 7.5 | 2.23% | 2005-11-17 | 2026-06-16 |
| CVE-2005-3553 | Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | 7.5 | 1.89% | 2005-11-16 | 2026-06-16 |
| CVE-2005-3543 | SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 | 1.44% | 2005-11-16 | 2026-06-16 |