Total
15451 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773. | |||||
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2025-04-09 | 6.8 MEDIUM | N/A |
| Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter. | |||||
| CVE-2008-0099 | 1 Myphp Forum | 1 Myphp Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. | |||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | |||||
| CVE-2007-6170 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments. | |||||
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | |||||
| CVE-2007-3938 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676. | |||||
| CVE-2007-0875 | 1 Mcrefer | 1 Mcrefer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database | |||||
| CVE-2008-2892 | 2 Feellove, Joomla | 2 Exp Shop Component, Com Expshop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php. | |||||
| CVE-2008-3556 | 1 Haudenschilt | 1 Battlenet Clan Script | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522. | |||||
| CVE-2008-0911 | 1 Iscripts | 1 Multicart | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. | |||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | |||||
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. | |||||
| CVE-2007-4714 | 1 Yvora | 1 Yvora | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-2113 | 1 Phpeasydata | 1 Phpeasydata | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-5652 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4099 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3532 | 2 Logrover, Microsoft | 2 Logrover, Windows | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0302 | 1 Php-nuke | 1 Downloads Module | 2025-04-09 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. | |||||