Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2777 | 1 Garagesalesjunkie | 1 Garagesales Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
|||||
| CVE-2009-2603 | 1 E-supportportal | 1 Escon Supportportal Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Escon SupportPortal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) tid parameters.
|
|||||
| CVE-2008-2555 | 1 Easyway | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter.
|
|||||
| CVE-2009-2148 | 1 Campusvirtualcomputrade | 1 Campus Virtual-lms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news/index.php in Campus Virtual-LMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1747 | 1 26thavenue | 1 Bspeak | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in a post action.
|
|||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.
|
|||||
| CVE-2008-2286 | 1 Symantec | 1 Altiris Deployment Solution | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.
|
|||||
| CVE-2009-1952 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
|
|||||
| CVE-2008-4356 | 1 Kasseler-cms | 1 Kasseler Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the ...
Show More |
|||||
| CVE-2007-6299 | 1 Drupal | 1 Drupal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules.
|
|||||
| CVE-2008-5838 | 1 Ephpscripts | 1 E-shop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search_results.php in E-Php Scripts E-Shop (aka E-Php Shopping Cart) Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-1982 | 1 Wordpress | 2 Wordpress, Wpss | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter.
|
|||||
| CVE-2009-2612 | 1 Prosmdr | 1 Prosmdr | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.aspx in ProSMDR allows remote attackers to execute arbitrary SQL commands via the txtUser parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4716 | 1 Phd | 1 Help Desk | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-2359 | 1 Yasinkaplan | 1 Tekradius | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text box in the Users tab; or (2) the command-line client, as demonstrated by a certain trcli -r command.
|
|||||
| CVE-2008-5992 | 1 Jetik | 1 Jetik Emlak Sistem A | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) 2.0 allow remote attackers to execute arbitrary SQL commands via the KayitNo parameter to (1) diger.php and (2) sayfalar.php.
|
|||||
| CVE-2008-0821 | 1 Osi Codes Inc. | 1 Phplive | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action.
|
|||||
| CVE-2008-0255 | 1 Igamingcms | 1 Igaming Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter.
|
|||||
| CVE-2007-4634 | 1 Cisco | 2 Call Manager, Unified Communications Manager | 2025-04-09 | 9.3 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
|
|||||
| CVE-2008-4643 | 1 Mywebland | 1 Mystats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
|
|||||
| CVE-2008-2565 | 1 Php-address Book | 1 Php-address Book | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected.
|
|||||
| CVE-2007-6202 | 1 Neocrome | 1 Seditio | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php.
|
|||||
| CVE-2009-0295 | 1 Itlpoll | 1 Itpoll | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3590 | 1 Vspanel | 1 Vs Panel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter.
|
|||||
| CVE-2009-1657 | 1 B2evolution | 2 B2evolution, Starrating Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-2235 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in Your Articles Directory allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4534 | 1 Ec-cube | 1 Ec-cube | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and Ver2 RC 2.3.0-rc1 and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6289 | 1 Toursmanager | 1 Tours Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cityview.php in Tours Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the cityid parameter.
|
|||||
| CVE-2008-7119 | 1 Webidsupport | 1 Webid | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6883 | 2 Joomla, Joompolitan | 2 Joomla, Com Livechat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Live Chat (com_livechat) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the last parameter to getChatRoom.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-4604 | 1 Cafeengine | 1 Easycafeengine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter.
|
|||||
| CVE-2008-3748 | 1 Lbstone | 2 Active Php Bookmarks, Apb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1852 | 1 Graphiks | 1 Myforum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.
|
|||||
| CVE-2008-5064 | 1 H\&h | 1 Websoccer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in liga.php in H&H WebSoccer 2.80 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6593 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php.
|
|||||
| CVE-2007-5998 | 1 Softbizscripts | 1 Ad Management Plus Script | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter.
|
|||||
| CVE-2007-6223 | 1 Phpbb | 1 Garage | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 allows remote attackers to execute arbitrary SQL commands via the make_id parameter in a search action in browse mode.
|
|||||
| CVE-2008-6641 | 1 Aspindir | 1 Shader Tv | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.
|
|||||
| CVE-2009-3659 | 1 Stanback | 1 Bs Counter | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||