Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4675 | 1 Phpcounter | 1 Phpcounter | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHPcounter 1.3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2008-6692 | 2 Fr.simon Rundell, Typo3 | 2 Pd Trainingcourses, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Diocese of Portsmouth Training Courses (pd_trainingcourses) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2009-3321 | 1 Saphplesson | 1 Saphplesson | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the CLIENT_IP HTTP header.
|
|||||
| CVE-2009-2010 | 1 Haudenschilt | 1 Family Connections Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) thread parameter to messageboard.php, (2) member parameter to profile.php, (3) pid parameter to gallery/index.php, and the (4) fcms_login_id cookie parameter.
|
|||||
| CVE-2009-3971 | 2 Joomla, Jtips | 2 Joomla\!, Com Jtips | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 and 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the season parameter in a ladder action to index.php.
|
|||||
| CVE-2008-0490 | 1 Wordpress | 1 Wp Cal Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in functions/editevent.php in the WP-Cal 0.3 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2230 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka MyBulletinBoard) before 1.4.7 allows remote authenticated users to execute arbitrary SQL commands via the birthdayprivacy parameter.
|
|||||
| CVE-2008-4659 | 1 Typo3 | 2 Mannschaftsliste, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Mannschaftsliste (kiddog_playerlist) 1.0.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0385 | 1 Urulu | 1 Urulu | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.
|
|||||
| CVE-2008-5004 | 1 Mywebland | 1 Bloggie Lite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie.
|
|||||
| CVE-2009-2608 | 1 Chatelao | 1 Php Address Book | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.
|
|||||
| CVE-2008-6117 | 1 Pilotgroup | 1 Pg Job Site Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.
|
|||||
| CVE-2007-6667 | 1 Myphp | 1 Myphp Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413.
|
|||||
| CVE-2008-3123 | 1 Mole Group | 1 Real Estate Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Mole Group Real Estate Script 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.
|
|||||
| CVE-2008-3484 | 1 Estoreaff | 1 Estoreaff | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php.
|
|||||
| CVE-2008-2339 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Turnkey Web Tools SunShop Shopping Cart 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an item action, a different vector than CVE-2008-2038, CVE-2007-4597, and CVE-2007-2549.
|
|||||
| CVE-2008-5788 | 1 Domainsellerpro | 1 Domain Seller Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6309 | 1 W3matter | 1 Askpert | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in W3matter AskPert allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2886 | 1 Phpscriptsnow | 1 President Bios | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
|
|||||
| CVE-2008-3413 | 1 Greatclone | 1 Auction Platinum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Greatclone GC Auction Platinum allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
|
|||||
| CVE-2009-1487 | 1 Rens Rikkerink | 1 Fungamez | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pages/login.php in FunGamez RC1 allows remote attackers to execute arbitrary SQL commands via the login_user (aka username) parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5122 | 1 Softbizscripts | 1 Classifieds Plus Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in store_info.php in SoftBiz Classifieds PLUS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-5829 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.007 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) choosed_language parameter to (a) cp_dpage.php, (b) cp_news.php, (c) cp_forum_view.php, (d) cp_edit_user.php, (e) cp_newsletter.php, (f) cp_links.php, (g) cp_contact_us.php, (h) cp_login.php, and (i) cp_codice_fiscale.php in public/code/; (2) news_category parameter to public/code/cp_news.php; (3) nlmsg_nlcatid parameter to public/cod ...
Show More |
|||||
| CVE-2009-0965 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php.
|
|||||
| CVE-2008-0734 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.
|
|||||
| CVE-2008-6851 | 1 Php Link Directory | 1 Php Link Directory | 2025-04-09 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2008-6964 | 1 X7 Group | 1 X7 Chat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
|
|||||
| CVE-2009-3082 | 1 Snowhall | 1 Silurus System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wcategory.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-0598 | 1 Phpmesfilms | 1 Phpmesfilms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0817 | 2 Joomla, Mambo | 2 Com Filebase Component, Com Filebase Component | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action.
|
|||||
| CVE-2008-5434 | 1 Punbb | 1 Punbb | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
|
|||||
| CVE-2008-3756 | 1 Yourfreeworld | 1 Viral Marketing Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3495 | 1 Aspindir | 1 Pcshey Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter.
|
|||||
| CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command.
|
|||||
| CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field.
|
|||||
| CVE-2008-6352 | 1 Xpoze | 1 Xpoze Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter.
|
|||||
| CVE-2008-4605 | 1 Cafeengine | 1 Easycafeengine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.
|
|||||
| CVE-2008-2278 | 1 Freelanceauction | 1 Freelance Auction Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in browseproject.php in Freelance Auction Script 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a pdetails action.
|
|||||
| CVE-2008-4655 | 1 Typo3 | 2 Simplesurvey, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0785 | 1 Cacti | 1 Cacti | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login.
|
|||||