Total
15703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/. | |||||
| CVE-2008-6652 | 1 Insanevisions | 1 Onecms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter. | |||||
| CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. | |||||
| CVE-2008-6467 | 1 Dieselscripts | 1 Diesel Job Site | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter. | |||||
| CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor. | |||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | |||||
| CVE-2008-6481 | 3 Joomla, Joomprod, Mambo-foundation | 3 Joomla, Com Versioning, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. | |||||
| CVE-2008-3951 | 1 Vastal | 1 Agent Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | |||||
| CVE-2009-3972 | 2 Joomla, Qproje | 2 Joomla\!, Com Siirler | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. | |||||
| CVE-2008-2038 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in admin/adminindex.php in Turnkey Web Tools SunShop Shopping Cart 4.1.0 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) orderby and (2) sort parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4039 | 1 Spice Classifieds | 1 Spice Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | |||||
| CVE-2008-4350 | 1 Vblogix | 1 Tutorial Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. | |||||
| CVE-2008-4241 | 1 Cj | 1 Ultra Plus | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie. | |||||
| CVE-2008-6468 | 1 Dieselscripts | 1 Diesel Pay | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action. | |||||
| CVE-2008-0538 | 1 Phpip | 1 Phpip Management | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5571 | 1 Dotnetindex | 1 Professional Download Assistant | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6419 | 1 Socialsitegenerator | 1 Social Site Generator | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php. | |||||
| CVE-2008-6874 | 1 Aspsiteware | 1 Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 and 2 allow remote attackers to execute arbitrary SQL commands via the iType parameter in (1) Auto1/type.asp or (2) auto2/type.asp. | |||||
| CVE-2006-6157 | 1 Michaelis Freunde | 1 Contentnow | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | |||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||