探索與 SQL Injection 漏洞相關的 CVE,並依公開年份篩選。本清單預設優先展示最新揭露,並支援依 CVSS 與 EPSS 風險分數進一步篩選。
涵蓋最新漏洞揭露與趨勢,協助安全團隊快速識別高風險問題與被利用可能性。
目前為 SQL Injection 類型、2005 年公開的 CVE。 檢視完整 CVE 清單
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2005-4711 | SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 6.8 | 0.66% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4632 | SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | 7.5 | 1.10% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4617 | SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | 7.5 | 0.59% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4606 | SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter. | 7.5 | 1.14% | 2005-12-31 | 2026-04-16 |
| CVE-2005-4515 | SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is no | 7.5 | 1.31% | 2005-12-23 | 2026-04-16 |
| CVE-2005-4500 | SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered. | 7.5 | 0.73% | 2005-12-22 | 2026-04-16 |
| CVE-2005-4495 | SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax | 7.5 | 1.03% | 2005-12-22 | 2026-04-16 |
| CVE-2005-4478 | Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php. | 7.5 | 0.71% | 2005-12-22 | 2026-04-16 |
| CVE-2005-4382 | SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | 7.5 | 0.85% | 2005-12-20 | 2026-04-16 |
| CVE-2005-4380 | Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php. | 7.5 | 1.99% | 2005-12-20 | 2026-04-16 |
| CVE-2005-4349 | SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely rel | 6.3 | 1.66% | 2005-12-19 | 2026-04-16 |
| CVE-2005-4315 | SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl. | 7.5 | 0.64% | 2005-12-17 | 2026-04-16 |
| CVE-2005-4263 | SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter. | 7.5 | 0.71% | 2005-12-15 | 2026-04-16 |
| CVE-2005-4246 | SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. | 7.5 | 0.37% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4244 | SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | 7.5 | 0.73% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4232 | SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection | 7.5 | 0.80% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4228 | Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier. | 7.5 | 0.95% | 2005-12-14 | 2026-04-16 |
| CVE-2005-4199 | Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php. | 7.5 | 1.71% | 2005-12-13 | 2026-04-16 |
| CVE-2005-4198 | SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | 7.5 | 0.55% | 2005-12-13 | 2026-04-16 |
| CVE-2005-4195 | Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0. | 7.5 | 3.63% | 2005-12-13 | 2026-04-16 |