Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1812 | 1 Collector | 1 Mygesuad | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
|
|||||
| CVE-2008-6165 | 1 Easy-script | 1 Cspartner | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.
|
|||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to log ...
|
|||||
| CVE-2008-4882 | 1 Yourfreeworld | 1 Autoresponder Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3258 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-3125 | 1 Mozilla | 1 Bugzilla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Bug.search WebService function in Bugzilla 3.3.2 through 3.4.1, and 3.5, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
|
|||||
| CVE-2008-0746 | 2 Joomla, Mambo | 2 Com Gallery, Com Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Gallery (com_gallery) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2008-3297 | 1 Social Engine | 1 Social Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php.
|
|||||
| CVE-2008-2506 | 1 Simpel Side | 1 Weblosning | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) mainid and (2) id parameters to index2.php.
|
|||||
| CVE-2009-1842 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
|
|||||
| CVE-2008-3954 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action.
|
|||||
| CVE-2008-5311 | 1 Netart Media | 1 Blog System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in image.php in NetArt Media Blog System 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4863 | 1 Quirm | 1 Saxon | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter.
|
|||||
| CVE-2008-3599 | 1 Openimpro | 1 Openimpro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4778 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777.
|
|||||
| CVE-2008-5605 | 1 Aspapps | 1 Aspportal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp.
|
|||||
| CVE-2009-4591 | 1 Secureideas | 1 Base | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Basic Analysis and Security Engine (BASE) before 1.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0652 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
|
|||||
| CVE-2008-5726 | 1 Stormboards Aaronnemisis | 1 Stormboards | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2891 | 1 Emusoft | 1 Emucms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a category action.
|
|||||
| CVE-2008-0744 | 1 Preprojects.com | 1 Pre Hotels & Resorts Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page.
|
|||||
| CVE-2008-6810 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/checklogin.php in Venalsur Booking Centre Booking System for Hotels Group 2.01 allow remote attackers to execute arbitrary SQL commands via the (1) myusername (username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3604 | 1 Zeescripts | 1 Zeebuddy | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
|||||
| CVE-2008-3241 | 1 Ultrastats | 1 Ultrastats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in players-detail.php in UltraStats 0.2.136, 0.2.140, and 0.2.142 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4919 | 1 Jblog | 1 Jblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.
|
|||||
| CVE-2008-4715 | 1 Jpad Project | 1 Jpad | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
|
|||||
| CVE-2008-7145 | 1 Coronamatrix | 1 Phpaddressbook | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters.
|
|||||
| CVE-2009-4046 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/.
|
|||||
| CVE-2009-4058 | 1 Telebidauctionscript | 1 Telebid Auction Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.
|
|||||
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.
|
|||||
| CVE-2008-0519 | 2 Joomla, Mambo | 2 Com Jokes, Com Jokes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Atapin Jokes (com_jokes) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a CatView action.
|
|||||
| CVE-2007-5630 | 1 Bbsprocess | 1 Bbportals | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.
|
|||||
| CVE-2008-6197 | 1 Kwsphp | 2 Galerie Module, Kwsphp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the galerie module for KwsPHP 1.3.456 allows remote attackers to execute arbitrary SQL commands via the id_gal parameter in a gal action.
|
|||||
| CVE-2008-2223 | 1 Buyscripts | 1 Vshare Youtube Clone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in group_posts.php in vShare YouTube Clone 2.6 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
|
|||||
| CVE-2008-0137 | 1 Snetworks | 1 Php Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS PHP CLASSIFIEDS 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_escape parameter.
|
|||||
| CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."
|
|||||
| CVE-2008-2564 | 1 Joomla | 2 Com Jotloader, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
|
|||||
| CVE-2008-0801 | 3 Joomla, Mambo-foundation, Paxxgallery | 3 Joomla!, Mambo, Com Paxxgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter.
|
|||||
| CVE-2008-2865 | 1 Kalptaru Infotech | 1 Php Site Lock | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site Lock 2.0 allows remote attackers to execute arbitrary SQL commands via the articleid parameter in a show_article action.
|
|||||
| CVE-2009-2921 | 1 Mocdesigns | 1 Php News | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
|
|||||