Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6576 | 1 Adultscript | 1 Adultscript | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) videolink_count.php or (2) links.php.
|
|||||
| CVE-2008-5815 | 1 Phpalumni | 1 Phpalumni | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3129 | 1 Catviz | 1 Catviz | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form.
|
|||||
| CVE-2009-3964 | 2 Joomla, Ninjaforge | 2 Joomla\!, Com Ninjamonials | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php.
|
|||||
| CVE-2008-6837 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2008-6990 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6970 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.
|
|||||
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.
|
|||||
| CVE-2007-6559 | 1 Logaholic | 1 Logaholic | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php.
|
|||||
| CVE-2008-2444 | 1 Calogic | 1 Calogic Calendars | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter.
|
|||||
| CVE-2008-3223 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to "an inappropriate placeholder for 'numeric' fields."
|
|||||
| CVE-2007-3937 | 1 A-shop | 1 A-shop | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3393 | 1 Infomining | 1 Bookmine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter.
|
|||||
| CVE-2007-1899 | 1 Mywebland | 1 Mybloggie | 2025-04-09 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php.
|
|||||
| CVE-2007-6032 | 1 Aleris | 1 Web Publishing Server | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in calendar/page.asp in Aleris Web Publishing Server 3.0 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
|
|||||
| CVE-2008-6312 | 1 Manzovi | 1 Proquiz | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-4375 | 1 Alienvault | 1 Open Source Security Information Management | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in repository/repository_attachment.php in AlienVault Open Source Security Information Management (OSSIM) 2.1.5, and possibly other versions before 2.1.5-4, allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
|
|||||
| CVE-2008-0504 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
|
|||||
| CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to ...
Show More |
|||||
| CVE-2008-0089 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
|
|||||
| CVE-2008-6330 | 1 Jaia Interactive | 1 Mytopix | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the send parameter in a notes action.
|
|||||
| CVE-2008-2770 | 1 Mycrocms | 1 Mycrocms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MycroCMS 0.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
|
|||||
| CVE-2003-1573 | 1 Sun | 1 J2ee | 2025-04-09 | 10.0 HIGH | N/A |
|
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."
|
|||||
| CVE-2009-4564 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ZenPage plugin is enabled, allows remote attackers to execute arbitrary SQL commands via the category parameter, related to a URI under news/category/.
|
|||||
| CVE-2008-4169 | 1 Iscripts | 1 Easyindex | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detaillist.php in iScripts EasyIndex, possibly 1.0, allows remote attackers to execute arbitrary SQL commands via the produid parameter.
|
|||||
| CVE-2008-0911 | 1 Iscripts | 1 Multicart | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.
|
|||||
| CVE-2008-5058 | 1 Preproject | 1 Pre Simple Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4351 | 1 Wscreator | 1 Wscreator | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter.
|
|||||
| CVE-2008-2498 | 1 Mambo-foundation | 1 Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Mambo before 4.6.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) articleid and (2) mcname parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2047 | 1 Aspindir | 1 Angelo-emlak | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp.
|
|||||
| CVE-2008-2265 | 1 Emophp | 1 Emo Realty Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in EMO Realty Manager allows remote attackers to execute arbitrary SQL commands via the ida parameter.
|
|||||
| CVE-2008-5882 | 2 Avaya, Citrix | 4 Ag250, Broadcast Server, Application Gateway For Avaya and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
|
|||||
| CVE-2009-3313 | 1 Fmyclone | 1 Fmyclone | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.
|
|||||
| CVE-2008-6028 | 1 University Of Queensland | 1 Fez | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.
|
|||||
| CVE-2009-3309 | 1 Cfshopkart | 1 Cf Shopkart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a ViewDetails action, a different vector than CVE-2008-6320.
|
|||||
| CVE-2009-3209 | 1 Raizlabs | 1 Php Email Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2009-0329 | 1 Joomla | 2 Com Pccookbook, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the PcCookBook (com_pccookbook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php, a different vector than CVE-2008-0844.
|
|||||
| CVE-2009-3417 | 2 Idojoomla, Joomla | 2 Com Idoblog, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 build 30 for Joomla! allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action to index.php, a different vector than CVE-2008-2627.
|
|||||
| CVE-2008-2816 | 1 O2php | 1 Oxygen | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.
|
|||||