CVE List by Type: SQL Injection (Filtered by Published Year)

Explore CVEs related to SQL Injection vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing SQL Injection CVEs published in 2005. View full CVE list

Showing 4151 of 51 results
«« First « Prev Page 3 / 3 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2005-3497 SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter. NOTE: on 20060210, the vendor disputed this issue, saying "this is 100% false reporting, this is a slander campaign from a customer who had a vulnerability in his SERVER not the software." However, followup investigation strongly suggests that the original report is correct 7.5 1.40% 2005-11-03 2026-06-16
CVE-2005-3365 Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11. 7.5 3.17% 2005-10-30 2026-06-16
CVE-2005-3325 Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters. 7.5 2.62% 2005-10-27 2026-06-16
CVE-2005-3046 SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field. 6.8 1.14% 2005-09-23 2026-06-16
CVE-2005-2983 SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. 7.5 2.18% 2005-09-19 2026-06-16
CVE-2005-2035 SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password. 7.5 1.14% 2005-06-16 2026-06-16
CVE-2005-1500 Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well. 7.5 2.54% 2005-05-11 2026-06-16
CVE-2005-1487 Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable 7.5 3.45% 2005-05-11 2026-06-16
CVE-2005-1017 SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. 7.5 1.34% 2005-05-02 2026-06-16
CVE-2005-0252 SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. 7.5 1.86% 2005-05-02 2026-06-16
CVE-2005-0413 Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. 7.5 2.08% 2005-04-27 2026-06-16
«« First « Prev Page 3 / 3 Next »
cvelogic Threat Intelligence