Total
15703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0385 | 1 Urulu | 1 Urulu | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO. | |||||
| CVE-2008-6013 | 1 Openfreeway | 1 Freeway | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 allow remote attackers to execute arbitrary SQL commands via unspecified vectors involving the (1) advanced search result and (2) service resource pages. | |||||
| CVE-2007-5372 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | |||||
| CVE-2008-1315 | 1 Php-nuke | 1 Zclassifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php. | |||||
| CVE-2008-4465 | 1 Vastal I-tech | 1 Dvd Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2008-1714 | 1 Fascript | 1 Faphoto | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4583 | 1 Joomla | 2 Com Dhforum, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DhForum (com_dhforum) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a grouplist action to index.php. | |||||
| CVE-2009-1506 | 1 Intelliants | 1 Elitius | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. | |||||
| CVE-2008-6165 | 1 Easy-script | 1 Cspartner | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters. | |||||
| CVE-2007-3563 | 1 Avscripts | 1 Av Arcade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. | |||||
| CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php. | |||||
| CVE-2009-3193 | 2 Joomla, Uwix | 2 Joomla, Com Digifolio | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. | |||||
| CVE-2007-3652 | 1 Fascript | 1 Faname | 2025-04-09 | 6.8 MEDIUM | 9.8 CRITICAL |
| SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328. | |||||
| CVE-2009-1480 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. | |||||
| CVE-2009-2781 | 1 Arabportal | 1 Arab Portal | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666. | |||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | |||||
| CVE-2008-0546 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. | |||||
| CVE-2008-4467 | 1 Vastal I-tech | 1 Toner Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5651 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter. | |||||
| CVE-2008-1513 | 1 Danneo | 1 Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||