Total: 15687 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5927 | 1 China-on-site | 1 Flexphpnews | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5630 | 1 Qualityunit | 1 Post Affiliate Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter. | |||||
CVE-2008-5267 | 1 Experts | 1 Experts | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | |||||
CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. | |||||
CVE-2008-5306 | 1 Pilot Group | 1 Pg Real Estate Solution | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter. | |||||
CVE-2008-0681 | 1 Phpshop | 1 Phpshop | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. | |||||
CVE-2008-7153 | 1 Docebo | 1 Docebo | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command. | |||||
CVE-2008-2565 | 1 Php-address Book | 1 Php-address Book | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. | |||||
CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2008-2790 | 1 Mountaingrafix | 1 Easytrade | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-6380 | 1 Activewebsoftwares | 1 Active Web Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | |||||
CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-7208 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php. | |||||
CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
CVE-2009-1812 | 1 Collector | 1 Mygesuad | 2025-04-09 | 6.0 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php. | |||||
CVE-2009-3337 | 1 S9y | 1 Serendipity Event Freetag | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. | |||||
CVE-2008-5559 | 1 Dazzlindonna | 1 Postecards | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-4901 | 1 Scripts Frenzy | 1 Article Publisher Pro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||