Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-3165 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Bug.create WebService function in Bugzilla 2.23.4 through 3.0.8, 3.1.1 through 3.2.4, and 3.3.1 through 3.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified parameters. |
| CVE-2008-0670 | 1 Joomla | 1 Com Noticias | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action. |
| CVE-2007-6362 | 1 Joomla | 1 Rs Gallery2 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action. |
| CVE-2008-2921 | 1 Eztechhelp Company | 1 Ezcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2009-1662 | 1 Recipescript | 1 Recipe Script | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php. |
| CVE-2008-1957 | 1 Easyscripts | 1 Tr Script News | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. |
| CVE-2008-6614 | 1 Impliedbydesign | 1 Ibd Micro Cms | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field). |
| CVE-2008-6133 | 1 Ozsari | 1 Full Php Emlak Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3942. |
| CVE-2008-6214 | 1 Harlandscripts | 1 Pro Traffic One | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in poll_results.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3834 | 2 Joomla, Webguerilla | 2 Joomla, Com Photoblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Photoblog (com_photoblog) component alpha 3 and alpha 3a for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in a blogs action to index.php. |
| CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-1758 | 1 Kwsphp | 1 Kwsphp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. |
| CVE-2008-3490 | 1 E-topbiz | 1 Online Dating | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in members/mail.php in E-topbiz Online Dating 3 1.0 allows remote authenticated users to execute arbitrary SQL commands via the mail_id parameter in a veiw action. |
| CVE-2008-1759 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. |
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. |
| CVE-2008-0270 | 1 Taskfreak | 1 Taskfreak | 2025-04-09 | 6.0 MEDIUM | N/A | SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter. |
| CVE-2008-5768 | 2 Sirium, Xoops | 2 Am Events Module, Xoops | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in print.php in the AM Events (aka Amevents) module 0.22 for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6582 | 1 Miniweb2 | 1 Miniweb | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. |
| CVE-2008-4611 | 1 Php Arsivimiz | 1 Php Ziyaretci Defteri | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. |
| CVE-2008-6134 | 1 Drupal | 2 Drupal, Everyblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-4178 | 1 Downline Goldmine | 2 Builder, New Addon | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-2023 | 1 Shop-script | 1 Shop-script | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. |
| CVE-2009-3255 | 1 Thomas Cuchta | 1 Rash | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI. |
| CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-3217 | 1 Wiccle | 1 Iwiccle | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the admin module in iWiccle 1.01 allows remote attackers to execute arbitrary SQL commands via the member_id parameter in an edit_user action to index.php. |
| CVE-2008-6323 | 1 Cfmsource | 1 Cf Auction | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. |
| CVE-2008-4660 | 1 Typo3 | 2 M1 Intern, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-7083 | 1 Revou | 1 Micro Blogging Twitter Clone | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. |
| CVE-2008-6353 | 1 Asp-cms | 1 Asp-cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cha parameter. |
| CVE-2008-3722 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla!, Mambo | 2025-04-09 | 9.3 HIGH | N/A | SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. |
| CVE-2009-0121 | 1 Goople Cms | 1 Goople Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-4458 | 1 E-php Scripts | 1 B2b Trading Marketplace Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. |
| CVE-2008-6464 | 1 Mevin | 1 Basic-php-events-lister | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-0795 | 3 Joomla, Mambo, Mgfi | 3 Joomla, Mambo, Xfaq | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) 1.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. |
| CVE-2008-2995 | 1 Phpeasydata | 1 Phpeasydata | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php. |
| CVE-2008-0651 | 1 Pedro Santana Codice | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A | The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). |
| CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6115 | 1 Prozilla | 1 Hosting Index | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. |