Total: 15683 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-2837 | 1 Cms.brdconcept | 1 Cms-brd | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in CMS-BRD allows remote attackers to execute arbitrary SQL commands via the menuclick parameter. | |||||
CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages. | |||||
CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. | |||||
CVE-2008-3594 | 1 Magicscripts | 2 E-store Kit-1, E-store Kit-2 | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
CVE-2008-2461 | 1 Netious | 1 Netious Cms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047. | |||||
CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | |||||
CVE-2009-3349 | 1 Datavore | 1 Gyro | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component. | |||||
CVE-2009-2775 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-1742 | 1 Pc4arb | 1 Pc4 Uploader | 2025-04-09 | 7.5 HIGH | N/A |
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function. | |||||
CVE-2008-1875 | 1 Terong | 1 Advanced Web Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. | |||||
CVE-2007-6058 | 1 Profilecms | 1 Profilecms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module. | |||||
CVE-2008-6608 | 1 Developiteasy | 1 Events Calendar | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-5195 | 1 Sebrac | 1 Sebraccms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | |||||
CVE-2009-0707 | 1 Powerscripts | 1 Powerclan | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx/cms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-7232 | 2 Canonical, Mysql | 2 Ubuntu Linux, Mysql | 2025-04-09 | 3.5 LOW | N/A |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. | |||||
CVE-2008-5928 | 1 Flds-script | 1 Flds | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-1841 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable. | |||||
CVE-2009-3529 | 1 Radscripts | 1 Radbids | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074. | |||||
CVE-2008-6233 | 1 Fivedollarscripts | 1 Drinks | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter. |