Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-6381 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 4.6 MEDIUM | N/A | SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. |
| CVE-2009-0109 | 1 Riotpix | 1 Riotpix | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2007-6578 | 1 Zeak.net | 1 Php Zlink | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6120 | 1 Socialengine | 1 Socialengine | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. |
| CVE-2009-0705 | 1 Powerscripts | 1 Powernews | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter. |
| CVE-2008-3133 | 1 Barenuked | 1 Barenuked Cms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-2009-3504 | 1 Alibabaclone | 1 Alibaba Clone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2063 | 1 Joovili | 1 Joovili | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2008-5599 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. |
| CVE-2008-5813 | 1 Spip | 1 Spip | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6266 | 1 Appstate | 1 Phpwebsite | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. |
| CVE-2008-1316 | 1 Qt-cute | 1 Quicktalk Forum | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4883 | 1 Yourfreeworld | 1 Blog Blaster Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-5766 | 1 Oracle | 1 E-business Suite | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite 11 and 12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: this is probably the same issue as CVE-2007-5527 or CVE-2007-5528, but there are insufficient details to be sure. |
| CVE-2008-6101 | 1 Ezonescripts | 1 Adult Banner Exchange Website | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in click.php in Adult Banner Exchange Website allows remote attackers to execute arbitrary SQL commands via the targetid parameter. |
| CVE-2008-6337 | 2 Joomla, Joomlaapps | 2 Joomla, Com Volunteer | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. |
| CVE-2007-5123 | 1 Solidweb | 1 Novus | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in notas.asp in Novus 1.0 allows remote attackers to execute arbitrary SQL commands via the nota_id parameter. |
| CVE-2008-6595 | 1 Typo3 | 1 Pmk Rssnewsexport Extension | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the pmk_rssnewsexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-7210 | 1 Ming Han | 1 Ajchat | 2025-04-09 | 7.5 HIGH | N/A | directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat. |
| CVE-2008-2968 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. |
| CVE-2007-3933 | 1 Quickestore | 1 Quickestore | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053. |
| CVE-2008-5559 | 1 Dazzlindonna | 1 Postecards | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in sendcard.cfm in PostEcards allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-4703 | 1 Bosdev | 1 Bosnews | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows remote attackers to execute arbitrary SQL commands via the article parameter. |
| CVE-2008-0453 | 1 Easysitenetwork | 1 Recipe Website Script | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in list.php in Easysitenetwork Recipe allows remote attackers to execute arbitrary SQL commands via the categoryid parameter. |
| CVE-2009-2590 | 1 Resalecode | 1 Hutscripts Php Website Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-4738 | 1 Tufat | 1 Mycard | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3497 | 1 Vastal | 1 Agent Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-5272 | 1 Furkan Tastan Blog | 1 Furkan Tastan Blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in kategori.asp in Furkan Tastan Blog allows remote attackers to execute arbitrary SQL commands via the id parameter in a goster kat action. |
| CVE-2008-6076 | 2 Jlleblanc, Joomla | 2 Com Dailymessage, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Daily Message (com_dailymessage) 1.0.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2008-0510 | 2 Joomla, Mambo | 3 Com Newsletter, Com Newsletter, Mambo | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. |
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. |
| CVE-2008-4521 | 1 Php-fusion | 1 World Of Warcraft Tracker Infusion Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. |
| CVE-2009-4199 | 3 Joomla, Mambo-foundation, Mamboforge | 3 Joomla!, Mambo, Com Mosres | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. |
| CVE-2007-5261 | 1 Iscripts | 1 Multicart | 2025-04-09 | 6.4 MEDIUM | N/A | Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. |
| CVE-2008-0360 | 1 Blog Cms | 1 Blog Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the blogid parameter to index.php, (2) the user parameter to action.php, or (3) the field parameter to admin/plugins/table/index.php. |
| CVE-2008-0138 | 1 Xoops | 1 Xoopsgallery Module | 2025-04-09 | 6.8 MEDIUM | N/A | PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php in the mod_gallery module for XOOPS, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the GALLERY_BASEDIR parameter. |
| CVE-2009-2786 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. |
| CVE-2008-1838 | 1 Bosdev | 1 Bosclassifieds Ads Systems | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. |
| CVE-2009-3212 | 1 Dimofinf | 1 Infinity Script | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field. |