Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-6622 | 1 Webbdomian | 1 Post Card | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-6980 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2008-2989 | 1 Homap | 1 Homap | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows remote attackers to execute arbitrary SQL commands via the go parameter. |
| CVE-2008-4159 | 1 Zanfi Solutions | 2 Jaw Portal, Zanfi Cms Lite | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. |
| CVE-2008-0857 | 1 Woltlab | 1 Burning Board | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page. |
| CVE-2009-2034 | 1 Ricardo Alexandre De Oliveira Staudt | 1 Yogurt | 2025-04-09 | 6.0 MEDIUM | N/A | SQL injection vulnerability in writemessage.php in Yogurt 0.3, when register_globals is enabled, allows remote authenticated users to execute arbitrary SQL commands via the original parameter. |
| CVE-2008-5047 | 1 Mole Group | 1 Rental Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-0299 | 1 Groonesworld | 1 Glinks | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Groone GLinks 2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2009-2926 | 1 Phpcompet.free | 1 Php Competition System | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. |
| CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla!, Com Soundset | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. |
| CVE-2008-2667 | 2 Courier-mta, Suse | 2 Courtier-authlib, Open Suse | 2025-04-09 | 5.1 MEDIUM | N/A | SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors. |
| CVE-2008-6784 | 1 Scripts-for-sites | 1 Ez Adult Directory | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. |
| CVE-2007-6664 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. |
| CVE-2006-7025 | 1 Sangwan Kim | 1 Bookmark4u | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter. |
| CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. |
| CVE-2008-2634 | 1 Bearrivernet.net | 1 I-pos Internet Pay Online Store | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.asp in I-Pos Internet Pay Online Store 1.3 Beta and earlier allows remote attackers to execute arbitrary SQL commands via the item parameter. |
| CVE-2008-0832 | 2 Joomla, Mambo | 2 Kemas Antonius Com Quran, Kemas Antonius Com Quran | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Kemas Antonius com_quran 1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the surano parameter in a viewayat action. |
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2025-04-09 | 5.1 MEDIUM | N/A | SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. |
| CVE-2009-4430 | 1 Virtuemart | 1 Virtuemart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in VirtueMart 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter in a shop.product_details shop.flypage action. |
| CVE-2008-4711 | 1 Joovili | 1 Joovili | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php. |
| CVE-2008-4880 | 1 Maran | 1 Php Shop | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879. |
| CVE-2008-4335 | 1 Atomic Photo Album | 1 Atomic Photo Album | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in album.php in Atomic Photo Album (APA) 1.1.0pre4 allows remote attackers to execute arbitrary SQL commands via the apa_album_ID parameter. |
| CVE-2009-4221 | 1 Smartisoft | 1 Phpbazar | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter, a different vector than CVE-2008-3767. |
| CVE-2008-6952 | 1 Cms.maury91 | 1 Maurycms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter. |
| CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. |
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. |
| CVE-2008-1921 | 1 5th Avenue Software | 1 5th Avenue Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in store_pages/category_list.php in 5th Avenue Shopping Cart 1.2 trial edition allows remote attackers to execute arbitrary SQL commands via the category_ID parameter. |
| CVE-2008-4373 | 1 Availscript | 1 Availscript Jobs Portal Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter. |
| CVE-2008-4461 | 1 Vastal I-tech | 1 Dating Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in advanced_search_results.php in Vastal I-Tech Dating Zone, possibly 0.9.9, allows remote attackers to execute arbitrary SQL commands via the fage parameter. |
| CVE-2008-6077 | 1 Loudblog | 1 Loudblog | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a and earlier allows remote authenticated users to execute arbitrary SQL commands via the colpick parameter in a singleread action. |
| CVE-2009-1256 | 1 Flexcms | 1 Flexcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-6867 | 1 Scripts For Sites | 1 Ez Career | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in content.php in Scripts For Sites (SFS) EZ Career allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. |
| CVE-2008-2425 | 1 Fichive | 1 Fichive | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the letter parameter in a Search action, a different vector than CVE-2008-2416. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-2579 | 1 Cs-cart | 1 Cs-cart | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2. |
| CVE-2008-0737 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/utilities_ConfigHelp.asp in CandyPress (CP) 4.1.1.26, and other 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the helpfield parameter. |
| CVE-2008-4651 | 1 Jetbox | 1 Jetbox Cms | 2025-04-09 | 6.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) orderby parameter to admin/cms/images.php and the (2) nav_id parameter in an editrecord action to admin/cms/nav.php. |
| CVE-2008-3506 | 1 Polypager | 1 Polypager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to execute arbitrary SQL commands via the nr parameter to the default URI. |