Total
15705 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0296 | 1 Gempar | 1 Script Toko Online | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-5813 | 1 Spip | 1 Spip | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4056 | 1 Adult Directory | 1 Adult Directory | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect. | |||||
| CVE-2008-1220 | 1 Phpnuke | 1 4nchat | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5336 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2009-3642 | 1 Frontrange | 1 Heat | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2008-6614 | 1 Impliedbydesign | 1 Ibd Micro Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field). | |||||
| CVE-2009-2638 | 2 Joomla, Konze | 2 Joomla, Com Akobook | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php. | |||||
| CVE-2008-5599 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | |||||
| CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
| CVE-2008-4043 | 1 Aj Square | 1 Aj Hyip | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | |||||
| CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5924 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0721 | 1 Mambo | 1 Com Sermon | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2008-0517 | 3 Darko Selesi, Joomla, Mambo | 3 Estateagent, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action. | |||||
| CVE-2008-3752 | 1 Yourfreeworld | 1 Ad-exchange Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1842 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||
| CVE-2009-0409 | 1 Mzbservices | 1 Max.blog | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||