Total
15692 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2129 | 1 Cine | 1 Galleristic | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-3175 | 1 Boldfx | 1 Model Agency Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Model Agency Manager PRO (formerly Modeling Agency Content Management Script) allow remote attackers to execute arbitrary SQL commands via the user_id parameter to (1) view.php, (2) photos.php, and (3) motm.php; and the (4) id parameter to forum_message.php. | |||||
| CVE-2007-6275 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266. | |||||
| CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1464 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-3705 | 1 Fusetalk | 1 Fusetalk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | |||||
| CVE-2009-2608 | 1 Chatelao | 1 Php Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565. | |||||
| CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. | |||||
| CVE-2008-3132 | 1 Joomla | 1 Com Beamospetition | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php. | |||||
| CVE-2008-6286 | 1 Activewebsoftwares | 1 Active Newsletter | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SubscriberStart.asp in Active Newsletter 4.3 allow remote attackers to execute arbitrary SQL commands via (1) the email parameter (aka username or E-mail field), or (2) the password parameter (aka password field), to (a) Subscriber.asp or (b) start.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1224 | 1 Scivox | 1 Vsp Stats Processor | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. | |||||
| CVE-2008-6641 | 1 Aspindir | 1 Shader Tv | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp. | |||||
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. | |||||
| CVE-2008-2692 | 1 Joomla | 1 Com Yvcomment | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php. | |||||
| CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2008-3034 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | |||||
| CVE-2008-0850 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php. | |||||
| CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | |||||
| CVE-2008-0616 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | |||||
| CVE-2008-0651 | 1 Pedro Santana Codice | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||