Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-2427 | 1 Jobbr | 1 Jobbr | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows remote attackers to execute arbitrary SQL commands via the emp_id parameter. |
| CVE-2008-4144 | 1 Discountedscripts | 1 E-gold Script Shop | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. |
| CVE-2008-1164 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action. |
| CVE-2007-5978 | 1 Xoops | 1 Mylinks Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in brokenlink.php in the mylinks module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| CVE-2008-2231 | 1 Slashcode.com | 1 Slash | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter. |
| CVE-2009-4432 | 1 Codemight | 1 Videocms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action. |
| CVE-2008-3063 | 1 V-webmail | 1 V-webmail | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla!, Ice Gallery Component For Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2008-0850 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php. |
| CVE-2008-5923 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-7040 | 2 Wordpress, Yellowswordfish | 2 Wordpress, Simple Forum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect. |
| CVE-2008-5573 | 1 Adcomplete | 1 Poll Pro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) Password and (2) username parameters. |
| CVE-2007-0695 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Free LAN In(tra\|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions. |
| CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. |
| CVE-2008-6263 | 1 Infireal | 1 Saturncms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the username parameter to the _userLoggedIn function. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6689 | 2 Kevin Renskers, Typo3 | 2 Dmmjobcontrol, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2008-5582 | 1 Nukedit | 1 Nukedit | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| CVE-2008-4436 | 1 Bblog | 1 Wbblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog 0.7.6 allows remote attackers to execute arbitrary SQL commands via the mod parameter. |
| CVE-2008-6802 | 1 Phpexplorer | 1 Phphotogallery | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in phPhotoGallery 0.92 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-2789 | 1 Basic-cms | 1 Basic-cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in pages/index.php in BASIC-CMS allows remote attackers to execute arbitrary SQL commands via the page_id parameter. |
| CVE-2009-2098 | 1 Micheal Glazer | 1 Phportal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in topicler.php in phPortal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5954 | 1 Ktp Computer Customer Database | 1 Ktp Computer Customer Database | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-5779 | 1 Flds Script | 1 Flds | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in lpro.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4344 | 1 6rbscript | 1 6rbscript | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in cat.php in 6rbScript allows remote attackers to execute arbitrary SQL commands via the CatID parameter. |
| CVE-2006-5606 | 1 Bytesfall Explorer | 1 Bytesfall Explorer | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors. |
| CVE-2009-2933 | 1 Piwigo | 1 Piwigo | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in comments.php in Piwigo before 2.0.3 allows remote attackers to execute arbitrary SQL commands via the items_number parameter. |
| CVE-2008-2443 | 1 Therealestatescript | 1 The Real Estate Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in dpage.php in The Real Estate Script allows remote attackers to execute arbitrary SQL commands via the docID parameter. |
| CVE-2009-3632 | 1 Typo3 | 1 Typo3 | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters. |
| CVE-2009-3502 | 1 Bpowerhouse | 1 Bpmusic | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter. |
| CVE-2008-2817 | 1 Nitropowered | 1 Nitro Web Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 and earlier allows remote attackers to execute arbitrary SQL commands via the CatId parameter in a show action. |
| CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. |
| CVE-2008-5930 | 1 The Net Guys | 1 Aspired2blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ASPired2Blog allows remote attackers to execute arbitrary SQL commands via the BlogID parameter. |
| CVE-2008-1313 | 1 Bill Roberts | 1 Bloo | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors. |
| CVE-2008-0908 | 1 Schoolwires | 1 Academic Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in browse.asp in Schoolwires Academic Portal allows remote attackers to execute arbitrary SQL commands via the c parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-6892 | 1 Peel | 1 Peel | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in lire/index.php in Peel 3.1 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. NOTE: this might be the same issue as CVE-2005-3572. |
| CVE-2008-4185 | 1 Webcms | 1 Webcms Portal Edition | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213. |
| CVE-2008-5859 | 1 Constructr | 1 Constructr-cms | 2025-04-09 | 5.1 MEDIUM | N/A | SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the show_page parameter. |
| CVE-2009-1742 | 1 Pc4arb | 1 Pc4 Uploader | 2025-04-09 | 7.5 HIGH | N/A | code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function. |
| CVE-2008-4782 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. |
| CVE-2008-2642 | 1 Kmrg-itb | 1 Otomigenx | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information. |