Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html.
|
|||||
| CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action.
|
|||||
| CVE-2008-4355 | 1 Powie | 1 Pforum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum (aka PHP Forum or pForum) 1.30 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-4569 | 1 Elkagroup | 1 Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
|
|||||
| CVE-2008-5223 | 1 Airvae | 1 Commerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2008-5216 | 1 Aj Square | 1 Zeuscart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-4376 | 1 Livetvscript | 1 Live Tv Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Live TV Script allows remote attackers to execute arbitrary SQL commands via the mid parameter.
|
|||||
| CVE-2007-6158 | 1 Proverbs | 1 Proverbs Web Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php.
|
|||||
| CVE-2009-3356 | 1 Plohni | 1 Image Voting | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter.
|
|||||
| CVE-2008-3784 | 2 Btitracker Project, Xbtitracker Project | 2 Btitracker, Xbtitracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and earlier and xBtiTracker 2.0.542 and earlier allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
|
|||||
| CVE-2008-3089 | 1 Xpoze | 1 Xpoze Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
|
|||||
| CVE-2008-2916 | 1 Preprojects | 1 Pre Ads Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to showcategory.php and the (2) id parameter to software-description.php.
|
|||||
| CVE-2008-5488 | 1 E-topbiz | 1 Domain Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter.
|
|||||
| CVE-2008-3719 | 1 Scripts-for-sites | 1 Affiliate Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action.
|
|||||
| CVE-2009-2004 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) course parameters, a different vector than CVE-2007-2902.
|
|||||
| CVE-2008-6091 | 1 Bmforum | 1 Bmforum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in plugins.php in BMForum 5.6, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tagname parameter.
|
|||||
| CVE-2008-0773 | 3 Joomla, Mambo, Phil Taylor | 4 Com Comments, Com Comments, Comments and 1 more | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3366 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
|
|||||
| CVE-2007-6583 | 1 1024 Cms | 1 1024 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter.
|
|||||
| CVE-2009-3514 | 1 Marcin Manek | 1 D.net Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
|
|||||
| CVE-2009-2354 | 1 Nulllogic | 1 Groupware | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-2971 | 1 Cistyle | 1 Ciblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0829 | 1 Andrew Freed | 1 Quotebook | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0543 | 1 Pre Projects | 1 Pre Dynamic Institution | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0789 | 1 Li-scripts | 1 Li-countdown | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in countdown.php in LI-Scripts LI-Countdown allows remote attackers to execute arbitrary SQL commands via the years parameter.
|
|||||
| CVE-2009-0883 | 1 Amunak | 1 Blue Eye Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter.
|
|||||
| CVE-2008-4603 | 1 Igaming | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search_games action.
|
|||||
| CVE-2008-2835 | 1 Igsuite | 1 Igsuite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows remote attackers to execute arbitrary SQL commands via the formid parameter.
|
|||||
| CVE-2008-5270 | 1 Wareziz | 1 Yuhhu Superstar 2008 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter.
|
|||||
| CVE-2008-1149 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 5.1 MEDIUM | N/A |
|
phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters instead of $_GET and $_POST, which allows attackers in the same domain to override certain variables and conduct SQL injection and Cross-Site Request Forgery (CSRF) attacks by using crafted cookies.
|
|||||
| CVE-2008-0451 | 1 Pacercms | 1 Pacercms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) siteadmin/article-edit.php; and unspecified parameters to (2) submitted-edit.php, (3) page-edit.php, (4) section-edit.php, (5) staff-edit.php, and (6) staff-access.php in siteadmin/.
|
|||||
| CVE-2009-0106 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
|||||
| CVE-2009-1411 | 1 Neocrome | 1 Seditio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.
|
|||||
| CVE-2009-0326 | 1 Dark Age Cms | 1 Dark Age Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6452 | 1 Oceandir | 1 Oceandir | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show_vote.php in Oceandir 2.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6419 | 1 Socialsitegenerator | 1 Social Site Generator | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.
|
|||||
| CVE-2009-3062 | 1 Phplivesupport. | 1 Phplive\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in message_box.php in OSI Codes PHP Live! 3.3 allows remote attackers to execute arbitrary SQL commands via the deptid parameter.
|
|||||
| CVE-2008-4647 | 1 Sweetcms | 1 Sweetcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2009-2639 | 1 Mrcgiguy | 1 The Ticket System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
|
|||||
| CVE-2008-0232 | 1 Zero Cms | 1 Zero Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.
|
|||||