Total
15532 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. | |||||
| CVE-2006-6094 | 1 Dotnetindex | 1 Active News Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp. | |||||
| CVE-2009-1734 | 1 Omnisoftsol | 1 Vidsharepro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-6155 | 1 Hispah | 1 Text Links Ads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1613 | 1 Reddot | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter. | |||||
| CVE-2008-5294 | 1 Bdigital Web Solutions | 1 Webstudio Ecatalogue | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio eCatalogue allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2007-2113 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. | |||||
| CVE-2008-5978 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. | |||||
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
| CVE-2008-4466 | 1 Vastal I-tech | 1 Cosmetics Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-3604 | 1 Zeescripts | 1 Zeebuddy | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter. | |||||
| CVE-2008-0670 | 1 Joomla | 1 Com Noticias | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action. | |||||
| CVE-2008-5046 | 1 Mole Group | 1 Pizza Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter. | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3291 | 1 Aprox | 2 Aprox Cms Engine, Aproxengine | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2180 | 1 Cplinks | 1 Cplinks | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | |||||
| CVE-2008-2417 | 1 How2asp | 1 Webboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard 4.1 allows remote attackers to execute arbitrary SQL commands via the qNo parameter. | |||||
| CVE-2008-5636 | 1 Lovedesigner | 1 Lito Lite Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information. | |||||