Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4604 | 1 Dinkumsoft.com | 1 Dl Paycart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter. |
| CVE-2008-2177 | 1 Php Directory Source | 1 Phpdirectorysource | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php. |
| CVE-2008-4531 | 1 Drupal | 1 Brilliant Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. |
| CVE-2009-0727 | 1 Tony Iha Kazungu | 1 Taifajobs | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the jobid parameter. |
| CVE-2008-0649 | 1 Adp | 1 Astanda Directory Project | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.php in Astanda Directory Project (ADP) 1.2 and 1.3 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. |
| CVE-2009-2209 | 1 Rs-cms | 1 Rs-cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the key parameter. |
| CVE-2008-6640 | 1 Aspindir | 1 Batmanportal | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-3447 | 1 Bugmall | 1 Shopping Cart | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. |
| CVE-2009-0574 | 1 Cafeengine | 1 Easycafeengine | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Easy CafeEngine allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-4604. |
| CVE-2008-6923 | 1 Joomla | 2 Com Content, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the content component (com_content) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter in a blogcategory action to index.php. |
| CVE-2009-0452 | 1 Onlinegrades | 1 Online Grades | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter. |
| CVE-2008-1934 | 1 Crazy Goomba | 1 Crazy Goomba | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5123 | 1 Castillocentral | 1 Ccleague | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. |
| CVE-2009-2082 | 1 Creative Web Solutions | 1 Multi-level Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in insidepage.php in Creative Web Solutions Multi-Level CMS 1.21 allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-3556 | 1 Haudenschilt | 1 Battlenet Clan Script | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522. |
| CVE-2008-4350 | 1 Vblogix | 1 Tutorial Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| CVE-2008-4746 | 1 Uniwin | 1 Ecart Professional | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp. |
| CVE-2009-3042 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040. |
| CVE-2008-5774 | 1 Aspsiteware | 1 Homebuilder | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp. |
| CVE-2008-6517 | 1 Nick Jenkin | 1 Newshowler | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. |
| CVE-2008-6243 | 1 Scripts For Sites | 1 Ez Hotscripts-likesite | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in showcategory.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2007-6656 | 1 Cmsmadesimple | 1 Cms Made Simple | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. |
| CVE-2008-3887 | 1 Dotproject | 1 Dotproject | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action. |
| CVE-2009-3205 | 1 Cbauthority | 1 Cbauthority | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in main.php in CBAuthority allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_product action. |
| CVE-2008-0187 | 1 Spacial Audio Solutions | 1 Samphpweb | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. |
| CVE-2008-4785 | 1 E107 | 2 Alternate Profiles Plugin, E107 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-3118 | 1 Phpmotion | 1 Phpmotion | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the vid parameter. |
| CVE-2009-4204 | 1 Ringsworld | 1 Flashlight Free Edition | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in read.php in Flashlight Free Edition allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6866 | 1 Php-nuke | 1 Current Issue Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in modules.php in the Current_Issue module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a summary action. |
| CVE-2008-0611 | 2 Rmsoft, Xoops | 2 Gallery System, Xoops | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery System 2.0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. |
| CVE-2008-5170 | 1 Easysitenetwork | 1 Cheats Complete Website | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. |
| CVE-2008-2065 | 1 Yourfreeworld | 1 Jokes Site Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter. |
| CVE-2009-1503 | 1 Tigerdms | 1 Tigerdms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login.php in Tiger Document Management System (DMS) allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2008-4046 | 1 Elitecms | 1 Elitecms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2009-0445 | 1 Dreampics | 1 Gallery Builder | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Dreampics Gallery Builder allows remote attackers to execute arbitrary SQL commands via the exhibition_id parameter in a gallery.viewPhotos action. |
| CVE-2008-0845 | 1 Wordpress | 1 Dean Logan Wp-people Plugin | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in wp-people-popup.php in Dean Logan WP-People plugin 1.6.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the person parameter. |
| CVE-2009-1910 | 1 Rafal Kucharski | 1 Rtwebalbum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter. |
| CVE-2008-2868 | 1 Duware | 1 Ducalendar | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the iEve parameter. |
| CVE-2008-3861 | 1 Phpmyrealty | 1 Phpmyrealty | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php. |