Total
15606 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. | |||||
| CVE-2008-2337 | 1 Imgallery | 1 Imgallery | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163. | |||||
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. | |||||
| CVE-2008-4345 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||
| CVE-2008-3484 | 1 Estoreaff | 1 Estoreaff | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php. | |||||
| CVE-2008-3090 | 1 Blognplus | 1 Blognplus | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819. | |||||
| CVE-2009-3116 | 1 Uiga | 1 Church Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action. | |||||
| CVE-2008-2448 | 1 Aspindir | 1 Meto Forum | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp. | |||||
| CVE-2008-0678 | 1 Blogphp | 1 Blogphp | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action. | |||||
| CVE-2008-1750 | 1 Livecart | 1 Livecart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI. | |||||
| CVE-2008-6068 | 2 Joomla, Web Design Hero | 2 Joomla, Joomladate | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php. | |||||
| CVE-2009-2113 | 1 Fretsweb Project | 1 Fretsweb | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php. | |||||
| CVE-2008-1936 | 1 Classifieds Caffe | 1 Classifieds Caffe | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific. | |||||
| CVE-2008-6487 | 1 Digiappz | 1 Digiaffiliate | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields. | |||||
| CVE-2008-4078 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2009-3582 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation. | |||||
| CVE-2008-5926 | 1 Asp-dev | 1 Internal E-mail System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||