Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2422 | 1 Webslider | 1 Webslider | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3254 | 1 Precoc | 1 Precms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in preCMS 1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a UserProfil action.
|
|||||
| CVE-2008-1554 | 1 Topper | 1 Toppermod | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character the localita parameter, which bypasses a protection mechanism.
|
|||||
| CVE-2008-6327 | 1 Manzovi | 1 Proquiz | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312.
|
|||||
| CVE-2008-6812 | 1 Surat Kabar | 1 Phpwebnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter.
|
|||||
| CVE-2008-6230 | 1 Preprojects | 1 Pre Podcast Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1403 | 1 Creloaded | 1 Cre Loaded | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
|
|||||
| CVE-2007-4845 | 1 Rwscripts.com | 1 Rw Download Lite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in UPLOAD/index.php in RW::Download 2.0.3 lite allow remote attackers to execute arbitrary SQL commands via the (1) dlid or (2) cid parameter.
|
|||||
| CVE-2008-2530 | 1 Quickupcms | 1 Quickupcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Concepts & Solutions QuickUpCMS allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter to (a) frontend/news.php, the (2) id parameter to (b) events3.php and (c) videos2.php in frontend/, the (3) y parameter to (d) frontend/events2.php, and the (4) ser parameter to (e) frontend/fotos2.php.
|
|||||
| CVE-2009-0400 | 1 Socialengine | 1 Socialengine | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
|||||
| CVE-2008-2754 | 1 Efiction | 1 Efiction | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the list parameter.
|
|||||
| CVE-2008-5960 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-3063 | 1 Mealex | 1 My Databook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter.
|
|||||
| CVE-2009-4414 | 1 Phpgroupware | 1 Phpgroupware | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php.
|
|||||
| CVE-2008-4379 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2025-04-09 | 4.3 MEDIUM | N/A |
|
Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
|||||
| CVE-2008-2688 | 1 Pilotcart | 1 Pilot Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
|
|||||
| CVE-2008-1540 | 2 Joomla, Mambo | 2 Datsogallery, Datsogallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-5177 | 2 Mambads, Mambo | 2 Mambads, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
|
|||||
| CVE-2008-2184 | 1 Toocharger | 1 Smartblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2006-7116 | 1 Kubix | 1 Kubix | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php.
|
|||||
| CVE-2007-6381 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-1871 | 1 Scriptsagent | 1 Links Directory | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
|||||
| CVE-2008-1889 | 1 Xplodphp | 1 Autotutorials | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials 2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6865 | 2 Php-nuke, Phpnuke | 2 Sections Module, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in the Sectionsnew module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action.
|
|||||
| CVE-2008-6225 | 1 Mole-group | 1 Airline Ticket Sale Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in info.php in Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. NOTE: the vendor has disputed this issue, stating "crazy hackers and so named Security companies [spread] out such false informations. Such scripts or versions [do not] exist.
|
|||||
| CVE-2009-3806 | 1 Dedecms | 1 Dedecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
|
|||||
| CVE-2009-3533 | 1 John Beranek | 1 Meeting Room Booking System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in report.php in Meeting Room Booking System (MRBS) before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the typematch parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3642 | 1 Frontrange | 1 Heat | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Call Logging feature in FrontRange HEAT 8.01 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2008-3498 | 2 Joomla, Netshinesoftware | 2 Joomla\!, Com Netinvoice | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6366 | 1 Adserversolutions | 1 Affiliate Software Java | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0401 | 1 Ephpscripts | 1 E-php Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in browsecats.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-6652 | 1 Insanevisions | 1 Onecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the sitename parameter.
|
|||||
| CVE-2007-6373 | 1 Gestdown | 1 Gestdown | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow remote attackers to execute arbitrary SQL commands via the (1) categorie parameter to catdownload.php, or the id parameter to (2) download.php or (3) hitcounter.php.
|
|||||
| CVE-2008-5200 | 2 Joomla, Mambo | 3 Com Xewebtv, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
|
|||||
| CVE-2007-1166 | 1 Nabocorp | 1 Nabopoll | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter.
|
|||||
| CVE-2008-6468 | 1 Dieselscripts | 1 Diesel Pay | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Diesel Pay allows remote attackers to execute arbitrary SQL commands via the area parameter in a browse action.
|
|||||
| CVE-2008-3302 | 1 Tuxplanet | 1 Bilboblog | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.
|
|||||
| CVE-2008-3670 | 1 Articlefriendly | 1 Article Friendly | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in authordetail.php in Article Friendly Pro allows remote attackers to execute arbitrary SQL commands via the autid parameter.
|
|||||
| CVE-2009-3061 | 1 Alqa6ari | 1 Script Q R | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3772 | 1 Pars4u | 1 Videosharing | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in categories_portal.php in Pars4u Videosharing 1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||