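Explore CVEs related to SQL Injection vulnerabilities, filtered by year of publication. By default this list shows the most recent disclosures first and supports further filtering by CVSS and EPSS risk scores.
It covers the latest vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and their likelihood of exploitation.
Currently showing CVEs of type SQL Injection published in 2006.

| CVE | Description | Max CVSS | EPSS % | Published | Updated |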
|---|---|---|---|---|---|
| CVE-2006-7232 | sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | 3.5 | 2.15% | 2006-12-31 | 2026-04-23 |
| CVE-2006-7231 | SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 7.5 | 0.37% | 2006-12-31 | 2026-04-23 |
| CVE-2006-6912 | SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter. | 7.5 | 0.40% | 2006-12-31 | 2026-04-23 |
| CVE-2006-6880 | Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. | 7.5 | 0.45% | 2006-12-31 | 2026-04-23 |
| CVE-2006-6848 | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. | 7.5 | 1.18% | 2006-12-31 | 2026-04-23 |
| CVE-2006-6747 | SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | 7.5 | 1.05% | 2006-12-27 | 2026-04-23 |
| CVE-2006-6706 | SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | 6.5 | 0.55% | 2006-12-23 | 2026-04-23 |
| CVE-2006-6402 | SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter. | 7.5 | 0.79% | 2006-12-10 | 2026-04-23 |
| CVE-2006-6367 | Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976. | 7.5 | 2.18% | 2006-12-07 | 2026-04-23 |
| CVE-2006-6349 | Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | 7.5 | 2.31% | 2006-12-07 | 2026-04-23 |
| CVE-2006-6337 | Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter. | 7.5 | 0.76% | 2006-12-07 | 2026-04-23 |
| CVE-2006-6157 | SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | 7.5 | 3.42% | 2006-11-28 | 2026-04-23 |
| CVE-2006-6109 | Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. | 7.5 | 0.91% | 2006-11-26 | 2026-04-23 |
| CVE-2006-6095 | Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094. | 7.5 | 1.98% | 2006-11-24 | 2026-04-23 |
| CVE-2006-6094 | Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp. | 7.5 | 2.53% | 2006-11-24 | 2026-04-23 |
| CVE-2006-6073 | Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | 7.5 | 0.56% | 2006-11-24 | 2026-04-23 |
| CVE-2006-6048 | SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 6.8 | 1.31% | 2006-11-22 | 2026-04-23 |
| CVE-2006-6038 | SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 | 1.25% | 2006-11-22 | 2026-04-23 |
| CVE-2006-5957 | Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We h | 7.5 | 3.66% | 2006-11-17 | 2026-04-23 |
| CVE-2006-5840 | Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version | 7.5 | 2.88% | 2006-11-10 | 2026-03-13 |