Total
15689 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2817 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. | |||||
| CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. | |||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-6241 | 1 China-on-site | 1 Flexphpsite | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. | |||||
| CVE-2008-6256 | 1 Vbulletin | 1 Vbulletin | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022. | |||||
| CVE-2009-0401 | 1 Ephpscripts | 1 E-php Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2009-4057 | 2 Inertialfate, Joomla | 2 Com If Nexus, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action to index.php. | |||||
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
| CVE-2008-1954 | 1 Webcalendar | 1 Web Calendar Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2007-6391 | 1 Sh-news | 1 Sh-news | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6028 | 1 University Of Queensland | 1 Fez | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action. | |||||
| CVE-2008-2380 | 1 Courier-mta | 1 Courtier-authlib | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. | |||||
| CVE-2009-2242 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2009-0593 | 1 Plxwebdev | 1 Plx Auto Reminder | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action. | |||||
| CVE-2008-4463 | 1 Vastal I-tech | 1 Jobs Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2008-2125 | 1 Musicbox | 1 Musicbox | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter. | |||||
| CVE-2008-0752 | 2 Joomla, Mambo | 2 Com Neogallery, Com Neogallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action. | |||||
| CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | |||||
| CVE-2008-5977 | 1 Preprojects | 1 Php Jobwebsite Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. | |||||