Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-2019 | 1 Virtuenetz | 1 Virtue News Manager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. |
| CVE-2008-6422 | 1 Psychostats | 1 Psychostats | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. |
| CVE-2007-5975 | 1 Torrentstrike | 1 Torrentstrike | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in index.php in TBSource, as used in (1) TBDev and (2) TorrentStrike 0.4, allows remote authenticated users to execute arbitrary SQL commands via the choice parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-2746 | 1 Gryphon | 1 Gllcts2 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. |
| CVE-2008-6181 | 2 Joomla, Mad4media | 2 Joomla, Com Mad4joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. |
| CVE-2007-2113 | 1 Oracle | 1 Database Server | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Upgrade/Downgrade component (DBMS_UPGRADE_INTERNAL) for Oracle Database 10.1.0.5 allows remote authenticated users to execute arbitrary SQL commands via unknown vectors, aka DB07. NOTE: as of 20070424, Oracle has not disputed reliable claims that DB07 is actually for multiple issues. |
| CVE-2008-6777 | 1 Myphp | 1 Myphp Forum | 2025-04-09 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a confirm action, the (2) user parameter in a newconfirm action, and (3) reqpwd action to member.php; and the (4) quote parameter in a post action and (5) pid parameter in an edit action to post.php, different vectors than CVE-2005-0413.2 and CVE-2007-6667. |
| CVE-2008-0815 | 2 Egitimhost, Joomla | 2 Com Mezun, Com Mezun | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. |
| CVE-2007-5973 | 1 Jportal | 1 Jportal Web Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in articles.php in JPortal 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter. |
| CVE-2009-2337 | 1 W3bcms | 2 Gaestebuch Guestbook Module, W3bcms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in includes/module/book/index.inc.php in w3b\|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. |
| CVE-2008-3943 | 1 Ezonescripts | 1 Living Local | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. |
| CVE-2008-2793 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in group_posts.php in ClipShare before 3.0.1 allows remote attackers to execute arbitrary SQL commands via the tid parameter. |
| CVE-2008-3027 | 1 Vangogh Web Cms | 1 Vangogh Web Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the article_ID parameter to index.php. |
| CVE-2008-1559 | 2 Bernard Gilly, Joomla | 2 Com Alphacontent, Joomla! | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php. |
| CVE-2007-6380 | 1 E-xoops | 1 E-xoops | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues t ... |
| CVE-2009-3327 | 1 Webilix | 1 Wx-guestbook | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information. |
| CVE-2008-0802 | 2 Joomla, Mediaslide | 2 Com Mediaslide, Com Mediaslide | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the MediaSlide (com_mediaslide) 0.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the albumnum parameter in a contact action. |
| CVE-2008-3753 | 1 Yourfreeworld | 1 Programs Rating Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in details.php in YourFreeWorld Programs Rating Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-5679 | 1 Deeemm | 1 Dmcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in DeeEmm.com DM CMS 0.7.0.Beta allows remote attackers to execute arbitrary SQL commands via the id parameter in the media page (build_media_content.php). NOTE: it was later reported that 0.7.4 is also affected. |
| CVE-2008-5636 | 1 Lovedesigner | 1 Lito Lite Cms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2008-1539 | 1 Futurenuke | 1 Php Nuke Platinum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke Platinum 7.6.b.5 allows remote attackers to execute arbitrary SQL commands via the p parameter to modules.php for the Forums module. |
| CVE-2008-4709 | 1 Pilot Group | 1 Etraining | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news_read.php in Pilot Group (PG) eTraining allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-0363 | 1 Clever Copy | 1 Clever Copy | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php. |
| CVE-2007-4918 | 1 Gelatocms | 1 Gelatocms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. |
| CVE-2007-6580 | 1 Wallpaper | 1 Wallpaper Complete Website | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php. |
| CVE-2008-0771 | 1 Site2nite | 1 Real Estate Web | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in default.asp in Site2Nite allow remote attackers to execute arbitrary SQL commands via the (1) txtUserName and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2007-6035 | 1 Cacti | 1 Cacti | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. |
| CVE-2009-3495 | 1 Vastal | 1 Dvd Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. |
| CVE-2006-5629 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Hosting Controller 6.1 before Hotfix 3.3 allow remote attackers to execute arbitrary SQL commands via the ForumID parameter in (1) DisableForum.asp and (2) enableForum.asp. NOTE: it was later reported that the vulnerability is present in 6.1 Hotfix 3.3 and earlier. |
| CVE-2009-0373 | 2 Elearningforce, Joomla | 2 Flash Magazine Deluxe, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. |
| CVE-2009-0111 | 1 Goople Cms | 1 Goople Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2009-0420 | 2 Joomla, Rd-media | 2 Joomla, Rd-autos | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. |
| CVE-2008-2222 | 1 Eqdkp | 1 Eqdkp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote attackers to bypass EQdkp user authentication via the user_id parameter. |
| CVE-2008-6471 | 1 Mountaingrafix | 1 Easylink | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in detail.php in MountainGrafix easyLink 1.1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a show action. |
| CVE-2009-0963 | 1 Xlinesoft | 1 Phprunner | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php. |
| CVE-2009-4341 | 2 Mischa Heissmann, Typo3 | 2 No Indexed Search, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the No indexed Search (no_indexed_search) extension 0.2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
| CVE-2008-4156 | 1 Customcms | 1 Gaming Portal | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-5221 | 1 Cahier De Textes | 1 Cahier De Textes | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) matiere_ID parameter in lire.php or the (2) classe_ID parameter in lire_a_faire.php. |
| CVE-2008-5863 | 2 V-gn, Woltlab | 2 Userlocator, Burning Board | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in locator.php in the Userlocator module 3.0 for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the y parameter in a get_user action. |