Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2760 | 1 Xigla | 1 Absolute Banner Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in searchbanners.asp in Xigla Absolute Banner Manager XE 2.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
|
|||||
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
|
|||||
| CVE-2008-3590 | 1 Egi Zaberl | 1 E.z. Poll | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.
|
|||||
| CVE-2008-4901 | 1 Scripts Frenzy | 1 Article Publisher Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin.php in Article Publisher Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-2152 | 1 Isabela Gasparini | 1 Adaptweb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows remote attackers to execute arbitrary SQL commands via the CodigoDisciplina parameter in a TopicosCadastro1 action.
|
|||||
| CVE-2008-2763 | 1 Xigla | 1 Absolute Live Support Xe | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
|
|||||
| CVE-2009-3430 | 1 Allomani | 1 Mobile | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
|
|||||
| CVE-2008-7153 | 1 Docebo | 1 Docebo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.
|
|||||
| CVE-2008-6469 | 1 Plaincart | 1 Plaincart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PlainCart 1.1.2 allows remote attackers to execute arbitrary SQL commands via the p parameter.
|
|||||
| CVE-2008-6326 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Simple Customer as downloaded on 20081118 allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2124 | 1 Fipsasp | 1 Fipscms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS allows remote attackers to execute arbitrary SQL commands via the lg parameter.
|
|||||
| CVE-2008-4338 | 1 Vacilanda | 1 Brilliant Gallery | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters.
|
|||||
| CVE-2008-0159 | 1 Eggblog | 1 Eggblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie.
|
|||||
| CVE-2008-4177 | 1 Preprojects | 1 Pre Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in Pre Real Estate Listings allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
|||||
| CVE-2008-6950 | 1 Webhost-panel | 1 Bankoi Webhosting Control Panel | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
|
|||||
| CVE-2008-0920 | 1 Open Source Security Information Management | 1 Os-sim | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression.
|
|||||
| CVE-2008-4498 | 1 Phpautos | 1 Phpautos | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2008-4713 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in 212cafe Board 0.07 allows remote attackers to execute arbitrary SQL commands via the qID parameter.
|
|||||
| CVE-2008-4778 | 1 Dream4 | 1 Koobi Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.
|
|||||
| CVE-2008-3124 | 1 Mole Group | 1 Hotel Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Mole Group Hotel Script 1.0 allows remote attackers to execute arbitrary SQL commands via the file parameter.
|
|||||
| CVE-2009-2339 | 1 Rentventory | 1 Rentventory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.
|
|||||
| CVE-2008-0353 | 1 Php-residence | 1 Php-residence | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter.
|
|||||
| CVE-2008-5321 | 2 Xoops, Xoops Hocasi | 2 Xoops, Gesgaleri | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in GesGaleri, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the no parameter.
|
|||||
| CVE-2008-2755 | 1 Jamm-media | 1 Jamm Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in JAMM CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2025-04-09 | 7.5 HIGH | N/A |
|
PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences.
|
|||||
| CVE-2008-6425 | 1 Comicshout | 1 Comicshout | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in ComicShout 2.8 allows remote attackers to execute arbitrary SQL commands via the news_id parameter, a different vector than CVE-2008-2456.
|
|||||
| CVE-2007-4719 | 1 212cafe | 1 212cafeboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5638 | 1 Activewebsoftwares | 1 Active Price Comparison | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp.
|
|||||
| CVE-2008-1427 | 2 Joobi, Joomla | 2 Acajoom, Com Acajoom | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php.
|
|||||
| CVE-2009-4437 | 1 Activewebsoftwares | 1 Active Auction House | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.
|
|||||
| CVE-2008-3585 | 1 Pozscripts | 1 Greencart Php Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) product_desc.php and (2) store_info.php.
|
|||||
| CVE-2009-3226 | 1 Almondsoft | 2 Affiliate Network Classifieds, Almond Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2394 | 1 Tagworx | 1 Tagworx Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.
|
|||||
| CVE-2008-6632 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).
|
|||||
| CVE-2008-2633 | 1 Joomla | 2 Com Joomradio, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.
|
|||||
| CVE-2007-2111 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in Oracle Database 9.0.1.5, 9.2.0.7, and 10.1.0.5 allows remote authenticated users to inject arbitrary SQL commands via unknown vectors, aka DB04. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB04 is actually for multiple vulnerabilities.
|
|||||
| CVE-2008-0130 | 1 Instantsoftwares | 1 Dating Site | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3351 | 1 Atomphotoblog | 1 Atomphotoblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action.
|
|||||