Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6796 | 1 Preprojects | 1 Pre Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in manager/login.php in Pre Projects Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the username1 parameter (aka the Admin field or Username field).
|
|||||
| CVE-2009-0427 | 1 Dmxready | 1 Member Directory Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Member Directory Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-3346 | 1 E-topbiz | 1 Shopcart Dx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_detail.php in ShopCart DX allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2008-4090 | 1 Couponscript | 1 Coupon Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
|
|||||
| CVE-2009-4566 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1936 | 1 Classifieds Caffe | 1 Classifieds Caffe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Classifieds Caffe allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an add action. NOTE: this issue might be site-specific.
|
|||||
| CVE-2008-0772 | 2 Joomla, Mambo | 2 Com Doc, Com Doc | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.
|
|||||
| CVE-2009-4599 | 2 Joomla, Joomshark | 2 Joomla, Com Jsjobs | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) component 1.0.5.6 for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the md parameter in an employer view_company action to index.php or (2) the oi parameter in an employer view_job action to index.php.
|
|||||
| CVE-2008-6429 | 2 Joomla, Mike Leeper | 2 Joomla, Com Prayercenter | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
|
|||||
| CVE-2007-0196 | 1 Motionborg | 1 Motionborg Web Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin_check_user.asp in Motionborg Web Real Estate 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (txtUserName parameter) and possibly other parameters. NOTE: some details were obtained from third party information.
|
|||||
| CVE-2008-5267 | 1 Experts | 1 Experts | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter.
|
|||||
| CVE-2008-0829 | 3 Joomla, Joomlapixel, Mambo | 3 Joomla, Jooget, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! (com_jooget) 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task.
|
|||||
| CVE-2009-2781 | 1 Arabportal | 1 Arab Portal | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
|
|||||
| CVE-2008-6462 | 2 Kurt Gusbeth, Typo3 | 2 Myquizpoll, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 0.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-6134 | 1 Phpkit | 1 Phpkit | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pkinc/public/article.php in PHPKIT 1.6.4pl1 allows remote attackers to execute arbitrary SQL commands via the contentid parameter in an article action to include.php, a different vector than CVE-2006-1773.
|
|||||
| CVE-2008-4154 | 1 Living-e | 1 Webedition Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter.
|
|||||
| CVE-2008-7114 | 1 Ifusionservices | 1 Ifdate | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
|
|||||
| CVE-2008-6333 | 1 Matthew General | 1 Rss Simple News | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2006-6912 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the userfile or filename parameter.
|
|||||
| CVE-2009-4401 | 2 Fr.simon Rundell, Typo3 | 2 Ste Parish Admin, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0750 | 1 Husrev | 1 Blackboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in philboard_forum.asp in Husrev BlackBoard 2.0.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
|
|||||
| CVE-2008-3038 | 1 Typo3 | 1 Address Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6753 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SilverStripe before 2.2.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to AjaxUniqueTextField.
|
|||||
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
|
|||||
| CVE-2007-5233 | 1 Deonixscripts | 1 Web Template Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Web Template Management System 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a readmore action.
|
|||||
| CVE-2008-4881 | 1 Yourfreeworld | 1 Reminder Service Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable.
|
|||||
| CVE-2008-2753 | 1 Paridel | 1 Pooya Site Builder | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.
|
|||||
| CVE-2008-3035 | 1 Xchangeboard | 1 Xchangeboard | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in newThread.php in XchangeBoard 1.70 Final and earlier allows remote authenticated users to execute arbitrary SQL commands via the boardID parameter.
|
|||||
| CVE-2007-6240 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the BuildTime parameter.
|
|||||
| CVE-2008-6611 | 1 Abweb | 1 Minimal Ablog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1661 | 1 Anoldman | 1 Utopic | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
|
|||||
| CVE-2008-5589 | 1 Katywhitton | 1 Rankem | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4456 | 1 Greendesktiny | 1 Green Desktiny | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news_detail.php in Green Desktiny 2.3.1, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6262 | 1 Infireal | 1 Saturncms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6016 | 1 Editeurscripts | 1 Esfaq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3952. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5630 | 1 Qualityunit | 1 Post Affiliate Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in merchants/index.php in Post Affiliate Pro 3 and 3.1.4 allows remote attackers to execute arbitrary SQL commands via the umprof_status parameter.
|
|||||
| CVE-2009-1850 | 1 Benjamin Curtis | 1 Phpbugtracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2007-4984 | 2 Ktauber, Phpbb | 2 Stylesdemo, Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter.
|
|||||
| CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125.
|
|||||