Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6281 | 1 Bluocms | 1 Bluo Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2888 | 1 Phpscriptsnow | 1 Hangman | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
|
|||||
| CVE-2009-2243 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the sortby parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-6048 | 1 Etomite | 1 Etomite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6319 | 1 Cfmsource | 1 Cf Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows remote attackers to execute arbitrary SQL commands via the calid parameter.
|
|||||
| CVE-2008-2767 | 1 Xigla | 1 Absolute Poll Manager Xe | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter.
|
|||||
| CVE-2008-0383 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier allow remote moderators and administrators to execute arbitrary SQL commands via (1) the mergepost parameter in a do_mergeposts action, (2) rid parameter in an allreports action, or (3) threads parameter in a do_multimovethreads action to (a) moderation.php; or (4) gid parameter to (b) admin/usergroups.php.
|
|||||
| CVE-2009-3040 | 1 Ocsinventory-ng | 1 Ocs Inventory Ng | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.
|
|||||
| CVE-2009-3754 | 1 Kreotek | 1 Phpbms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php.
|
|||||
| CVE-2008-5629 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a play action.
|
|||||
| CVE-2008-5781 | 1 Cfagcms | 1 Cfagcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter.
|
|||||
| CVE-2008-3491 | 1 Scripts24 | 2 Ipost, Itgp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.
|
|||||
| CVE-2009-3337 | 1 S9y | 1 Serendipity Event Freetag | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.
|
|||||
| CVE-2008-7077 | 1 Relative | 1 Sailplanner | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
|
|||||
| CVE-2009-0672 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.
|
|||||
| CVE-2008-3136 | 1 Ashopsoftware | 1 Ashop Deluxe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2009-0334 | 1 Katywhitton | 1 Blogit\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
|
|||||
| CVE-2008-5192 | 1 Philboard | 1 Philboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
|
|||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter.
|
|||||
| CVE-2008-3070 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
|
Unspecified vulnerability in inc/datahandler/user.php in MyBB before 1.2.13 has unknown impact and attack vectors related to the $user['language'] variable, probably related to SQL injection.
|
|||||
| CVE-2008-3352 | 1 Nersoft | 1 Live Music Plus | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Live Music Plus 1.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a Singer action.
|
|||||
| CVE-2009-1585 | 1 R020 | 1 Tematres | 2025-04-09 | 4.4 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-3582 | 1 Sql-ledger | 1 Sql-ledger | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
|
|||||
| CVE-2008-0735 | 1 Auracms | 1 Auracms | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
|
|||||
| CVE-2009-4392 | 1 Typo3 | 2 Typo3, Xds Staff | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the XDS Staff List (xds_staff) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.
|
|||||
| CVE-2008-5988 | 1 Jadu | 1 Jadu Cms For Government | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS for Government allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2778 | 1 Revokesoft | 1 Revokebb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/class_search.php in the Search System in RevokeBB 1.0 RC11 allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2008-3151 | 2 Phpnuke, Warpspeed | 2 4ndvddb, 4ndvddb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.
|
|||||
| CVE-2008-1314 | 2 Johannes Hass, Phpnuke | 2 Gaestebuch Module, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to modules.php.
|
|||||
| CVE-2008-4900 | 1 Yourfreeworld | 1 Classifieds Blaster Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2017 | 1 Virtuenetz | 1 Virtue Book Store | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2010-0322 | 2 Matthias Karr, Typo3 | 2 Mk Anydropdownmenu, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the init function in MK-AnydropdownMenu (mk_anydropdownmenu) extension 0.3.28 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-3543 | 1 Phenotype-cms | 1 Phenotype Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
|
|||||
| CVE-2007-5999 | 1 Softbizscripts | 1 Softbiz Auctions Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_desc.php in Softbiz Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5649 | 1 Alstrasoft | 1 Article Manager Pro | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in admin/admin.php in AlstraSoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2006-6367 | 1 Duware | 3 Dudownload, Dunews, Dupaypal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in detail.asp in DUware DUdownload 1.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) iFile or (2) action parameter. NOTE: the iType parameter is already covered by CVE-2005-3976.
|
|||||
| CVE-2009-2167 | 1 Egyplus | 1 7ammel | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
|
|||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action.
|
|||||