Total
15644 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5408 | 1 Cplinks | 1 Cpdynalinks | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-2670 | 1 Insanelysimple2 | 1 Isblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889. | |||||
| CVE-2007-6663 | 2 Joomla, Pragmatic Utopia | 2 Joomla, Pu Arcade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php. | |||||
| CVE-2008-5779 | 1 Flds Script | 1 Flds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php. | |||||
| CVE-2008-3591 | 1 21degrees | 1 Symphony | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php. | |||||
| CVE-2009-1746 | 1 Diangemilang | 1 Dgnews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
| CVE-2008-1968 | 1 Cezannesw | 1 Cezanne | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. | |||||
| CVE-2007-5068 | 1 Phpfullannu | 1 Phpfullannu | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter. | |||||
| CVE-2009-2098 | 1 Micheal Glazer | 1 Phportal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5797 | 1 Typo3 | 2 Advcalendar Extension, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-0429 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. | |||||
| CVE-2008-4590 | 1 Stash | 1 Stash | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. | |||||
| CVE-2009-0279 | 1 Pardalcms | 1 Pardalcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||||
| CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. | |||||
| CVE-2009-0829 | 1 Andrew Freed | 1 Quotebook | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist. | |||||
| CVE-2009-2616 | 1 Datachecknh | 1 Sitepal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-5766 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. | |||||