Total
15703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2791 | 1 Kalptaru Infotech | 1 Comparison Engine Power Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5629 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action. | |||||
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||
| CVE-2008-2487 | 1 Maxsite | 1 Maxsite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action. | |||||
| CVE-2008-1406 | 1 Exv2 | 1 Exv2 | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action. | |||||
| CVE-2008-6980 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6475 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php. | |||||
| CVE-2009-0334 | 1 Katywhitton | 1 Blogit\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action. | |||||
| CVE-2008-5631 | 1 Activewebsoftwares | 1 Active Ewebquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0154 | 1 Evilboard | 1 Evilboard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter. | |||||
| CVE-2008-6197 | 1 Kwsphp | 2 Galerie Module, Kwsphp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action. | |||||
| CVE-2008-1554 | 1 Topper | 1 Toppermod | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism. | |||||
| CVE-2007-5999 | 1 Softbizscripts | 1 Softbiz Auctions Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2345 | 1 Clansphere | 1 Clansphere | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components. | |||||
| CVE-2008-4092 | 1 Myphpnuke | 1 Myphpnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | |||||
| CVE-2007-4863 | 1 Quirm | 1 Saxon | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. | |||||
| CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter. | |||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | |||||
| CVE-2008-6326 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4337 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691. | |||||