Total
15507 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-3491 | 1 Scripts24 | 2 Ipost, Itgp | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action. | |||||
CVE-2008-4627 | 2 Rgallery, Woltlab | 2 Rgallery Plugin, Woltlab Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php. | |||||
CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. | |||||
CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action. | |||||
CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2025-04-09 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2008-0695 | 1 Bookmarkx | 1 Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action. | |||||
CVE-2009-0332 | 1 Avbooklibrary | 1 Avbooklibrary | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. | |||||
CVE-2008-3200 | 1 Easy-script | 1 Avlc Forum | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action. | |||||
CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-0325 | 1 Fascript | 1 Fapersian Petition | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action. | |||||
CVE-2008-0353 | 1 Php-residence | 1 Php-residence | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-1023 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter. | |||||
CVE-2008-6525 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field). | |||||
CVE-2007-4837 | 1 Proxy Anket | 1 Proxy Anket | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | |||||
CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||||
CVE-2008-3191 | 1 Marcioforum | 1 Mforum | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action. | |||||
CVE-2007-2111 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities. | |||||
CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085. |