Total
15625 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2105 | 1 Kasper Skrhj | 1 References Database | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2006-7170 | 1 Koan Software | 1 Mega Mall | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php. | |||||
| CVE-2008-4884 | 1 Yourfreeworld | 1 Classifieds Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3026 | 1 Oneclick Cms | 1 Oneclick Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0740 | 1 Frankmancuso | 1 Bluebird | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI. | |||||
| CVE-2008-6851 | 1 Php Link Directory | 1 Php Link Directory | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-5595 | 1 Aspapps | 1 Asp Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2007-6579 | 1 Ip Reg | 1 Ip Reg | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4. | |||||
| CVE-2008-3133 | 1 Barenuked | 1 Barenuked Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-1911 | 1 1024 Cms | 1 1024 Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie. | |||||
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | |||||
| CVE-2008-6017 | 1 I-rater | 1 I-rater Basic | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter. | |||||
| CVE-2008-2858 | 1 Webchamado | 1 Webchamado | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1890 | 2 Azrul, Joomla | 2 Jom Comment, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3118 | 1 Danneo | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php. | |||||
| CVE-2008-3725 | 1 Yourfreeworld | 1 Ad Board Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3533 | 1 John Beranek | 1 Meeting Room Booking System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1398 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | |||||