Total
15432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0360 | 1 Blog Cms | 1 Blog Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. | |||||
| CVE-2008-6032 | 1 Wsn | 1 Links | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2006-6349 | 1 Pwp Technologies | 1 The Classified Ad System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine. | |||||
| CVE-2008-2647 | 1 Mebiblio | 1 Mebiblio | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter. | |||||
| CVE-2008-3867 | 1 Cce-interact | 1 Interact | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | |||||
| CVE-2007-0794 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions | |||||
| CVE-2008-2278 | 1 Freelanceauction | 1 Freelance Auction Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action. | |||||
| CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. | |||||
| CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | |||||
| CVE-2007-6078 | 1 Skyportal | 1 Skyportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action. | |||||
| CVE-2008-6582 | 1 Miniweb2 | 1 Miniweb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2008-1408 | 1 Phpbp | 1 Phpbp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/functions/banners-external.php in phpBP 2 RC3 (2.204) FIX 4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a banner_out action. | |||||
| CVE-2008-2763 | 1 Xigla | 1 Absolute Live Support Xe | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | |||||
| CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php. | |||||
| CVE-2008-0922 | 1 Php-nuke | 1 Manuales | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. | |||||
| CVE-2008-4674 | 1 Conkurent | 1 Real Estate | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode. | |||||
| CVE-2006-7118 | 1 Dmxready | 1 Site Engine Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | |||||
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | |||||