Total
15679 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-1919 | 1 Yourfreeworld | 1 Apartment Search Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
CVE-2009-0597 | 1 W3b Cms | 1 Aka W3blabor Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action. | |||||
CVE-2008-3345 | 1 Myiosoft | 1 Easye-cards | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action. | |||||
CVE-2008-0290 | 1 Digitalhive | 1 Digitalhive | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | |||||
CVE-2008-2630 | 1 Joomla | 1 Com Jb2 | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter in a category action to index.php. | |||||
CVE-2007-6106 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action. | |||||
CVE-2008-3757 | 1 Yourfreeworld | 1 Forced Matrix Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1509 | 1 Xlportal | 1 Xlportal | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
CVE-2009-2142 | 1 Zipstore | 1 Zip Store Chat | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | |||||
CVE-2007-6667 | 1 Myphp | 1 Myphp Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413. | |||||
CVE-2008-2817 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. | |||||
CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | |||||
CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2008-6241 | 1 China-on-site | 1 Flexphpsite | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
CVE-2008-6256 | 1 Vbulletin | 1 Vbulletin | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | |||||
CVE-2009-0401 | 1 Ephpscripts | 1 E-php Cms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2009-4057 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. | |||||
CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
CVE-2008-1954 | 1 Webcalendar | 1 Web Calendar Pro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
CVE-2007-6391 | 1 Sh-news | 1 Sh-news | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |