Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1053 | 1 Phpnuke | 1 Kose Yazilari Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Kose_Yazilari module for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the artid parameter in a (1) viewarticle or (2) printpage action to modules.php.
|
|||||
| CVE-2008-6209 | 1 Vastal | 1 Software Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_product.php in Vastal I-Tech Software Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2009-3184 | 1 Grapari | 1 E-gold Game Series Pirates Of The Caribbean | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Pirates of The Caribbean in the E-Gold Game Series allow remote attackers to execute arbitrary SQL commands via the (1) x and (2) y parameters.
|
|||||
| CVE-2008-4642 | 1 Astrospaces | 1 Astrospaces | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.
|
|||||
| CVE-2008-6880 | 1 Easysitenetwork | 1 Jokes Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2453 | 1 Phpclassifiedsscript | 1 Php Classifieds Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.
|
|||||
| CVE-2008-6466 | 2 Akirapowered, E107 | 2 Image Gallery, E107 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action.
|
|||||
| CVE-2008-2626 | 1 Battleblog | 1 Battleblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
|
|||||
| CVE-2009-0431 | 1 Codefixer | 1 Linkspro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter.
|
|||||
| CVE-2008-0854 | 2 Joomla, Mambo | 2 Com Salesrep, Com Salesrep | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php.
|
|||||
| CVE-2008-5571 | 1 Dotnetindex | 1 Professional Download Assistant | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6038 | 1 Mapcal | 1 Mapcal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php.
|
|||||
| CVE-2008-0253 | 1 Binn | 1 Sbuilder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in full_text.php in Binn SBuilder allows remote attackers to execute arbitrary SQL commands via the nid parameter.
|
|||||
| CVE-2009-4200 | 2 Joomla, Vollmar | 2 Joomla\!, Com Seminar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php.
|
|||||
| CVE-2009-2144 | 3 Edgewall, Firestats, Wordpress | 3 Firestats, Firestats, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the FireStats plugin before 1.6.2-stable for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-4468 | 1 Vastal I-tech | 1 Share Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6368 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m allows remote attackers to execute arbitrary SQL commands via the start parameter.
|
|||||
| CVE-2008-4804 | 2 Nukedgallery, Phpnuke | 2 Gallery, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
|
|||||
| CVE-2008-0546 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp.
|
|||||
| CVE-2008-2790 | 1 Mountaingrafix | 1 Easytrade | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5198 | 1 Vizzed | 1 Acmlmboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter.
|
|||||
| CVE-2008-2562 | 1 Powerphlogger | 1 Powerphlogger | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.
|
|||||
| CVE-2008-2673 | 1 Powie | 1 Pnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
|
|||||
| CVE-2008-2012 | 1 Postnuke Software Foundation | 1 Postschedule | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the PostSchedule 1.0 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the eid parameter in an event action.
|
|||||
| CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter.
|
|||||
| CVE-2007-6012 | 1 Gatesoft | 1 Docusafe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 allows remote attackers to execute arbitrary SQL commands via the artnr parameter (aka the search section). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6042 | 1 Netartmedia | 1 Real Estate Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the re_search module in NetArtMedia Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the ad parameter to index.php.
|
|||||
| CVE-2008-6268 | 1 Sadi Samami | 1 Multi Languages Webshop Online | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-4099 | 2 G4j.laoneo, Joomla | 2 Com Gcalendar, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Google Calendar GCalendar (com_gcalendar) component 1.1.2, 2.1.4, and possibly earlier versions for Joomla! allows remote attackers to execute arbitrary SQL commands via the gcid parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5055 | 1 Activecampaign | 1 Triolive | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in department_offline_context.php in ActiveCampaign TrioLive before 1.58.7 allows remote attackers to execute arbitrary SQL commands via the department_id parameter to index.php.
|
|||||
| CVE-2008-5952 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.
|
|||||
| CVE-2009-4393 | 2 Daniel Ptzinger, Typo3 | 2 Danp Documentdirs, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6246 | 1 Scripts-for-sites | 1 Ez Webring | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Scripts For Sites (SFS) EZ Webring allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2009-3310 | 1 Shalwan | 1 Zainu | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action.
|
|||||
| CVE-2008-3701 | 1 Kayako | 1 Supportsuite | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
|
|||||
| CVE-2008-6111 | 1 Netart Media | 1 Vlog System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter.
|
|||||
| CVE-2008-5969 | 1 Sunbyte | 1 E-flower | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-4560 | 1 Worms-league | 1 Webleague | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php.
|
|||||
| CVE-2008-6809 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in hotel_habitaciones.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allows remote attackers to execute arbitrary SQL commands via the HotelID parameter.
|
|||||