Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1027 | 1 Opencart | 1 Opencart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
|||||
| CVE-2008-0761 | 1 Joomla | 1 Com Pcchess | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Prince Clan Chess Club (com_pcchess) 0.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a players action.
|
|||||
| CVE-2008-4091 | 1 Source Workshop | 1 Web Directory Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
|
|||||
| CVE-2007-6639 | 1 Iptbb Team | 1 Iptbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewdir action.
|
|||||
| CVE-2008-6163 | 1 Openx | 1 Openx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
|
|||||
| CVE-2008-6487 | 1 Digiappz | 1 Digiaffiliate | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in Digiappz DigiAffiliate 1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) admin and (2) password fields.
|
|||||
| CVE-2008-1626 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
|
|||||
| CVE-2008-6678 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp.
|
|||||
| CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx\/cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4462 | 1 Vastal I-tech | 1 Visa Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_news.php in Vastal I-Tech Visa Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
|
|||||
| CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/.
|
|||||
| CVE-2009-2895 | 1 Phpsugar | 1 Ultimate Regnow Affiliate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-2130 | 1 Igaming | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6394 | 1 Cs-cart | 1 Cs-cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.
|
|||||
| CVE-2008-7044 | 1 Ajsquare | 1 Free Polling Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
|
|||||
| CVE-2007-6338 | 1 Trivantis | 1 Coursemill Enterprise Learning Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill Enterprise Learning Management System 4.1 SP4 allows remote attackers to execute arbitrary SQL commands via the user parameter (username field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1404 | 1 Exv2 | 1 Exv2 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter.
|
|||||
| CVE-2008-6156 | 1 Formfields | 1 Adman | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 allows remote authenticated users to execute arbitrary SQL commands via the campaignId parameter.
|
|||||
| CVE-2008-0286 | 1 Article Dashboard | 1 Article Dashboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.php in Article Dashboard allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields.
|
|||||
| CVE-2008-3603 | 1 Vacation Rentals | 1 Vacation Rental Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.
|
|||||
| CVE-2007-4258 | 1 Prozilla | 1 Prozilla Pub Site Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in directory.php in Prozilla Pub Site Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-3787 | 1 Nullscripts | 1 Web Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2008-0776 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
|||||
| CVE-2009-3252 | 1 Dave Robinson | 1 Rockbandcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
|
|||||
| CVE-2009-0428 | 1 Dmxready | 1 Secure Document Library | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Secure Document Library 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-5665 | 1 Xoops | 1 Xoops | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter.
|
|||||
| CVE-2008-6233 | 1 Fivedollarscripts | 1 Drinks | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Five Dollar Scripts Drinks script allows remote attackers to execute arbitrary SQL commands via the recid parameter.
|
|||||
| CVE-2008-4657 | 1 Typo3 | 2 Econda Plugin, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3752 | 1 Yourfreeworld | 1 Ad-exchange Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3970 | 1 Phpdirsubmit | 1 Php Dir Submit | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
|
|||||
| CVE-2009-0380 | 3 Joomla, Mambo-foundation, Sigsiu.net | 3 Joomla, Mambo, Sobi2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2
|
|||||
| CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-1968 | 1 Cezannesw | 1 Cezanne | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
|
|||||
| CVE-2008-5131 | 1 Develop It Easy | 1 News And Article System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
|
|||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
|
|||||
| CVE-2008-1039 | 1 Porar | 1 Webboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in question.asp in PORAR WEBBOARD allows remote attackers to execute arbitrary SQL commands via the QID parameter.
|
|||||
| CVE-2008-1351 | 1 Xoops | 1 Tutoriais Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.
|
|||||
| CVE-2008-0833 | 1 Joomla | 1 Com Galeria | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the com_galeria component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2007-6269 | 1 Xigla | 1 Absolute News Manager.net | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in Absolute News Manager.NET 5.1 allow remote attackers to execute arbitrary SQL commands via the (1) z, (2) pz, (3) ord, and (4) sort parameters.
|
|||||