Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-1298 | 2 Kyantonius, Php-nuke | 2 Hadith Module, Hadith Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Hadith module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter in a viewcat action to modules.php. |
| CVE-2008-0254 | 1 Wavelink Media | 1 Tutorialcms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. |
| CVE-2008-0291 | 1 Hangzhou Rui-qiang | 1 Richstrong Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-4650 | 1 Mywebland | 1 Myevent | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewevent.php in myEvent 1.6 allows remote attackers to execute arbitrary SQL commands via the eventdate parameter. |
| CVE-2008-5950 | 1 Aspapps | 1 Template Creature | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in media/media_level.asp in ASP Template Creature allows remote attackers to execute arbitrary SQL commands via the mcatid parameter. |
| CVE-2008-0290 | 1 Digitalhive | 1 Digitalhive | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. |
| CVE-2007-5180 | 1 Ohesa Emlak Portali | 1 Ohesa Emlak Portali | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow remote attackers to execute arbitrary SQL commands via the (1) Kategori parameter in satilik.asp and the (2) Emlak parameter in detay.asp. |
| CVE-2008-6697 | 2 Michael Fritz, Typo3 | 2 Worldcup, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2009-4229 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3563 | 1 Avscripts | 1 Av Arcade | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. |
| CVE-2008-5851 | 1 Mypbs | 1 Mypbs | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in My PHP Baseball Stats (MyPBS) allows remote attackers to execute arbitrary SQL commands via the seasonID parameter. |
| CVE-2008-2858 | 1 Webchamado | 1 Webchamado | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6393 | 1 Ace Image Hosting Script | 1 Ace Image Hosting Script | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in albums.php in Ace Image Hosting Script allows remote authenticated users to execute arbitrary SQL commands via the id parameter in editalbum mode. |
| CVE-2008-6691 | 2 Diocese Of Portsmouth, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Diocese of Portsmouth Calendar Today (pd_calendar_today) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2009-3665 | 1 Nullam | 1 Nullam Blog | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action. |
| CVE-2008-4469 | 1 Vastal I-tech | 1 Freelance Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. |
| CVE-2008-2411 | 1 Sazcart | 1 Sazcart | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action. |
| CVE-2008-5491 | 1 Slimcms | 1 Slimcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. |
| CVE-2008-1346 | 1 Myiosoft | 1 Easycalendar | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action. |
| CVE-2008-7038 | 2 Maxdev, Phpnuke | 2 My Egallery, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. |
| CVE-2009-2881 | 1 Artis.imag | 1 Basilic | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/. |
| CVE-2008-5640 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |
| CVE-2008-4895 | 1 Yourfreeworld | 1 Downline Builder Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-2179 | 1 W2b | 1 Phpdatingclub | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. |
| CVE-2007-5372 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2025-04-09 | 10.0 HIGH | N/A | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. |
| CVE-2008-1065 | 1 Xoops | 1 Xm Memberstats | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in the XM-Memberstats (xmmemberstats) 2.0e module for XOOPS allow remote attackers to execute arbitrary SQL commands via the (1) letter or (2) sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6458 | 1 My123tkshop | 1 E-commerce-suite | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php. |
| CVE-2008-0099 | 1 Myphp Forum | 1 Myphp Forum | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the searchtext parameter to search.php, and unspecified other vectors. |
| CVE-2008-3416 | 1 Icebb | 1 Icebb | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in modules/members.php in IceBB before 1.0-rc9.3 allows remote attackers to execute arbitrary SQL commands via the username parameter in a members action to index.php, related to an incorrect protection mechanism in the clean_string function in includes/functions.php. |
| CVE-2008-5194 | 1 Softvisions Software | 1 Online Booking Manager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4305 | 1 Moodle | 1 Moodle | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." |
| CVE-2008-6642 | 1 Dotcontent | 1 Fluentcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view.php in DotContent FluentCMS 4.x allows remote attackers to execute arbitrary SQL commands via the sid parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-1764 | 1 Bokecc | 1 Maxcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a digg action. |
| CVE-2007-3687 | 1 Infernotechnologies | 1 Rpg Inferno | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do action. |
| CVE-2009-3972 | 2 Joomla, Qproje | 2 Joomla!, Com Siirler | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Q-Proje Siirler Bileseni (com_siirler) component 1.2 RC for Joomla! allows remote attackers to execute arbitrary SQL commands via the sid parameter in an sdetay action to index.php. |
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. |
| CVE-2007-6159 | 1 Tilde | 1 Tilde Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to execute arbitrary SQL commands via the aarstal parameter in a yeardetail action, a different vector than CVE-2006-1500. |
| CVE-2009-4360 | 2 Handcoders, Xoops | 2 Content Module, Xoops | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in modules/content/index.php in the Content module 0.5 for XOOPS allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2008-4806 | 1 Ibm | 1 Lotus Connections | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via the sortField parameter to unspecified components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-4897 | 1 Logz | 1 Logz | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. |