Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2147 | 1 Phpwebthings | 1 Phpwebthings | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0597 | 1 W3b Cms | 1 Aka W3blabor Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.
|
|||||
| CVE-2008-6456 | 2 Martin Helmich, Typo3 | 2 Hbook, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3034 | 1 Rss Aggregator | 1 Rss Aggregator | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
|
|||||
| CVE-2008-1918 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
|
|||||
| CVE-2008-2554 | 1 Bp Blog | 1 Bp Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp.
|
|||||
| CVE-2009-2439 | 1 Web Development House | 1 Alibaba Clone | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
|
|||||
| CVE-2008-1915 | 1 Devworx | 1 Blogworx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6409 | 1 Brian Wilson | 1 Ol\'bookmarks | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action.
|
|||||
| CVE-2008-2034 | 1 Wordpress | 1 Download Monitor Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wp-download_monitor/download.php in the Download Monitor 2.0.6 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5805 | 1 Deltascripts | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the siteid parameter, a different vector than CVE-2006-5828.
|
|||||
| CVE-2008-0499 | 1 Mamboxchange | 1 Laithai | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
|
|||||
| CVE-2008-2479 | 1 Badongo | 1 Phpfix | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) kind parameter to fix/browse.php and the (2) account parameter to auth/00_pass.php.
|
|||||
| CVE-2009-2599 | 1 Radscripts | 1 Radclassifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 allows remote attackers to execute arbitrary SQL commands via the seller parameter in a search action.
|
|||||
| CVE-2008-3754 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0281 | 1 Warhound | 1 Walking Club | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number.
|
|||||
| CVE-2008-2791 | 1 Kalptaru Infotech | 1 Comparison Engine Power Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product.detail.php in Kalptaru Infotech Comparison Engine Power Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4495 | 1 Select Development Solutions | 1 Php Auto Dealer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
|
|||||
| CVE-2007-1034 | 1 Php-nuke | 1 Emporium Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the category file in modules.php in the Emporium 2.3.0 and earlier module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
|||||
| CVE-2009-4217 | 2 Itamar Elharar, Joomla | 2 Com Musicgallery, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4597 | 1 Turnkey Web Tools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in TurnkeyWebTools SunShop Shopping Cart 4.0 RC 6 allows remote attackers to execute arbitrary SQL commands via the s[cid] parameter in a search_list action, a different vector than CVE-2007-2549.
|
|||||
| CVE-2007-6665 | 1 Netchemia | 1 Oneschool | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL allows remote attackers to execute arbitrary SQL commands via the txtLoginID parameter.
|
|||||
| CVE-2007-6666 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter.
|
|||||
| CVE-2008-0327 | 1 Fascript | 1 Famp3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2691 | 1 Jiro | 1 Faq Manager Experience | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.asp in JiRo's FAQ Manager eXperience 1.0 allows remote attackers to execute arbitrary SQL commands via the fID parameter.
|
|||||
| CVE-2007-5485 | 1 Kwsphp | 1 Kwsphp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the mg2 1.0 module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the album parameter.
|
|||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
|
|||||
| CVE-2009-0409 | 1 Mzbservices | 1 Max.blog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-4375 | 1 Availscript | 1 Availscript Classmate Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewprofile.php in Availscript Classmate Script allows remote attackers to execute arbitrary SQL commands via the p parameter.
|
|||||
| CVE-2008-3580 | 1 Qsoft | 1 K-links | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/.
|
|||||
| CVE-2009-1658 | 1 Realtywebware | 1 Realty Web-base | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/admin.php in Realty Webware Technologies Realty Web-Base 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6365 | 1 Adserversolutions | 1 Ad Management Software | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2892 | 2 Feellove, Joomla | 2 Exp Shop Component, Com Expshop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the EXP Shop (com_expshop) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show_payment action to index.php.
|
|||||
| CVE-2008-1551 | 1 Runcms | 2 Photo Module, Runcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-7075 | 1 Kalptaru Infotech | 1 Stararticles | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1874 | 1 Xpoze | 1 Xpoze Pro | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter.
|
|||||
| CVE-2008-4736 | 1 Aves | 1 Rpg Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.
|
|||||
| CVE-2008-4378 | 1 Mr. Cgi Guy | 1 Hot Links Sql Php | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||