Total
15431 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2087 | 1 Softbiz | 1 Web Hosting Directory Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | |||||
| CVE-2008-2088 | 1 Phpforge | 1 Php Forge | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. | |||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | |||||
| CVE-2009-4437 | 1 Activewebsoftwares | 1 Active Auction House | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1. | |||||
| CVE-2009-1651 | 1 2daybiz | 1 Business Community Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2009-0728 | 2 Maxdev, Postnuke | 3 Md-pro, My Egallery, Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | |||||
| CVE-2009-0428 | 1 Dmxready | 1 Secure Document Library | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-4497 | 1 Built2go | 1 Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2008-1297 | 3 Ewriting, Joomla, Mambo | 3 Ewriting, Com Ewriting, Com Ewriting | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | |||||
| CVE-2008-5287 | 1 Scripts4you | 1 Faq Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2009-4351 | 1 Wscreator | 1 Wscreator | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. | |||||
| CVE-2009-4339 | 2 Stephan Vits, Typo3 | 2 Mf Subscription, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-3590 | 1 Vspanel | 1 Vs Panel | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter. | |||||
| CVE-2008-4495 | 1 Select Development Solutions | 1 Php Auto Dealer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter. | |||||
| CVE-2008-0921 | 1 Becontent | 1 Becontent | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in beContent 0.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | |||||
| CVE-2008-2197 | 1 Miniweb2 | 1 Blog Writer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php. | |||||
| CVE-2008-1219 | 1 Phpnuke | 1 Kutubisitte Component | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php. | |||||
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. | |||||
| CVE-2008-0291 | 1 Hangzhou Rui-qiang | 1 Richstrong Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||