Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6633 | 1 Beaussier | 1 Roomphplanning | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.
|
|||||
| CVE-2009-1505 | 1 Drupal | 2 Drupal, News Page | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.
|
|||||
| CVE-2008-6803 | 1 Yigit Aybuga | 1 Dizi Portali | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi Portali allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2132 | 1 Systementor | 1 Postcardmentor | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in step1.asp in Systementor PostcardMentor allows remote attackers to execute arbitrary SQL commands via the cat_fldAuto parameter.
|
|||||
| CVE-2008-6488 | 1 Softcomplex | 1 Php Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.
|
|||||
| CVE-2008-6596 | 1 Phpcredo | 1 Phcdownload | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in PHCDownload 1.1 allows remote attackers to execute arbitrary SQL commands via the hash parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-4625 | 2 Shiftthis, Wordpress | 2 Shifthis Newsletter, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in stnl_iframe.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter, a different vector than CVE-2008-0683.
|
|||||
| CVE-2006-7170 | 1 Koan Software | 1 Mega Mall | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.
|
|||||
| CVE-2008-1909 | 1 Chadha Software Technologies | 1 Phpkb Knowledge Base | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2008-4371 | 1 Availscript | 1 Availscript Article Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in articles.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the aIDS parameter.
|
|||||
| CVE-2007-5646 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
|
|||||
| CVE-2007-6058 | 1 Profilecms | 1 Profilecms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.
|
|||||
| CVE-2008-2874 | 1 Softbizscripts | 1 Softbiz Jokes And Funny Pics Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Softbiz Jokes & Funny Pics Script allows remote attackers to execute arbitrary SQL commands via the sbjoke_id parameter, a different vector than CVE-2008-1050.
|
|||||
| CVE-2008-0754 | 1 Joomla | 1 Com Rapidrecipe | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in the Rapid Recipe (com_rapidrecipe) 1.6.5 component for Joomla! allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a showuser action or (2) the category_id parameter in a viewcategorysrecipes action.
|
|||||
| CVE-2008-5320 | 1 E107 | 1 E107 | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in usersettings.php in e107 0.7.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ue[] parameter.
|
|||||
| CVE-2008-0762 | 1 Joomla | 1 Com Iomezun | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the com_iomezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
|
|||||
| CVE-2008-0512 | 1 Joomla | 1 Com Fq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the fq (com_fq) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter.
|
|||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy me ...
Show More |
|||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-2614 | 1 Datachecknh | 1 Linkpal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions LinkPal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0281 | 1 Id-commerce | 1 Id-commerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter.
|
|||||
| CVE-2008-6656 | 1 Openautoclassifieds | 1 Open Auto Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.
|
|||||
| CVE-2008-6093 | 1 Noname-cms | 1 Noname Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.
|
|||||
| CVE-2008-1406 | 1 Exv2 | 1 Exv2 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the lid parameter in an ImprAnn action.
|
|||||
| CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action.
|
|||||
| CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp.
|
|||||
| CVE-2009-1950 | 1 Ahmet Donmez | 1 Webeyes Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter.
|
|||||
| CVE-2009-1499 | 1 Joomla | 2 Com Mailto, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MailTo (aka com_mailto) component in Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in index.php. NOTE: SecurityFocus states that this issue has been disputed by the vendor.
|
|||||
| CVE-2008-3706 | 1 Zeeways | 1 Zeejobsite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
|||||
| CVE-2009-2383 | 2 Blogtrafficexchange, Wordpress | 2 Related-sites, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.
|
|||||
| CVE-2008-6026 | 1 Bluecube | 1 Bluecube Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tienda.php in BlueCUBE CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-1094 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in index.cgi in the Account View page in Barracuda Spam Firewall (BSF) before 3.5.12.007 allows remote authenticated administrators to execute arbitrary SQL commands via a pattern_x parameter in a search_count_equals action, as demonstrated by the pattern_0 parameter.
|
|||||
| CVE-2008-1308 | 2 Phpnuke, Sudirman Angriawan | 2 Php-nuke, Nukec30 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action to modules.php.
|
|||||
| CVE-2009-0881 | 1 Josema Enzo | 1 Isiajax | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2523 | 1 Raknet | 1 Autopatcher Server | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Autopatcher server plugin in RakNet before 3.23 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3406 | 1 Phplinkat | 1 Phplinkat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2008-3417 | 1 Fipsasp | 1 Fipscms Light | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561.
|
|||||
| CVE-2008-5978 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp.
|
|||||
| CVE-2008-6808 | 1 Scripts-for-sites | 1 Ez Link Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ Link Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
|||||
| CVE-2008-4176 | 1 Asp Indir | 1 Fot Video Scripti | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta allows remote attackers to execute arbitrary SQL commands via the oyun parameter.
|
|||||