Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a ...
| CVE-2008-6242 | 1 Scripts-for-sites | 1 Ez E-store | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in SearchResults.php in Scripts For Sites (SFS) EZ e-store allows remote attackers to execute arbitrary SQL commands via the where parameter.
| CVE-2008-0816 | 1 Com Sg | 1 Com Sg | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task.
| CVE-2008-0695 | 1 Bookmarkx | 1 Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in BookmarkX script 2007 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a showtopic action.
| CVE-2008-5800 | 1 Typo3 | 2 Fsmi People, Wir Ber Uns Extension | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2007-4056 | 1 Adult Directory | 1 Adult Directory | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect.
| CVE-2008-6392 | 1 1scripts | 1 Z1exchange | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2007-6091 | 1 Jiro | 1 Banner System | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field.
| CVE-2009-0808 | 1 Simple Cmms | 1 Simplecmms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
| CVE-2009-3498 | 1 Hbcms | 1 Hbcms | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
| CVE-2008-6911 | 1 Brewblogger | 1 Brewblogger | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the authenticateUser function in includes/authentication.inc.php in BrewBlogger (BB) 2.1.0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the loginUsername parameter to includes/logincheck.inc.php. NOTE: some of these details are obtained from third party information.
| CVE-2008-4039 | 1 Spice Classifieds | 1 Spice Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter.
| CVE-2008-3507 | 1 Wogan May | 1 Litenews | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
| CVE-2008-3768 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors.
| CVE-2007-4920 | 1 Php Webquest | 1 Php Webquest | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter.
| CVE-2007-5408 | 1 Cplinks | 1 Cpdynalinks | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.
| CVE-2008-5607 | 2 Joomitaly, Joomla | 2 Jmovies, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the JMovies (aka JM or com_jmovies) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
| CVE-2008-5070 | 1 Pro Chat Rooms | 1 Pro Chat Rooms | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php.
| CVE-2008-6241 | 1 China-on-site | 1 Flexphpsite | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
| CVE-2008-4497 | 1 Built2go | 1 Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
| CVE-2008-4889 | 1 Dev\!l\'s | 1 Clanportal | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
| CVE-2008-2834 | 1 Sidb | 1 Scientific Image Database | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in projects.php in Scientific Image DataBase 0.41 allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2008-4518 | 1 Fastpublish | 1 Fastpublish Cms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
| CVE-2008-4885 | 1 Yourfreeworld | 1 Scrolling Text Ads Script | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2009-2553 | 1 Supersimple | 1 Super Simple Blog Script | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.
| CVE-2008-6250 | 1 Comdev | 1 Comdev Web Blogger | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter to a blog page.
| CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla\! | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php.
| CVE-2009-3499 | 1 Bpowerhouse | 1 Bplawyercasedocuments | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
| CVE-2008-2067 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable.
| CVE-2009-1347 | 1 Chcounter | 1 Chcounter | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
| CVE-2008-6917 | 1 Exoscripts | 1 Exophpdesk | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter).
| CVE-2008-2845 | 1 Mybizz-classifieds | 1 Mybizz-classifieds | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
| CVE-2009-0403 | 1 Chipmunk Scripts | 1 Chipmunk Blogger | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in admin/authenticate.php in Chipmunk Blogger Script allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
| CVE-2007-6634 | 1 Netbizcity | 1 Faqmasterflexplus | 2025-04-09 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to execute arbitrary SQL commands via the category_id parameter to faq.php, and unspecified other vectors involving additional scripts.
| CVE-2009-0379 | 1 Joomla | 2 Com Pcchess, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Prince Clan Chess Club (com_pcchess) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the game_id parameter in a showgame action to index.php, a different vector than CVE-2008-0761.
| CVE-2008-7003 | 1 The-rat-cms | 1 The-rat-cms | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.
| CVE-2008-5973 | 1 Activewebsoftwares | 1 Active Web Mail | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
| CVE-2009-3246 | 1 Mybuxscript | 1 Pts-bux | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.
| CVE-2008-5493 | 1 Phpstore | 2 Wholesale, Wholesales | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.
| CVE-2008-1791 | 1 Mygamingladder | 1 Mygamingladder | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter.