Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1644 | 1 Savas Place | 1 Savas Link Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewlinks.php in Sava's Link Manager 2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2008-2087 | 1 Softbiz | 1 Web Hosting Directory Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. | | | | | |
| CVE-2008-3245 | 1 Cable-modems | 1 Phphoo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | | | | | |
| CVE-2007-6518 | 1 Woltlab | 1 Burning Board Lite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in WoltLab Burning Board (wBB) Lite 1.0.2 pl3e allow remote attackers to execute arbitrary SQL commands via the (1) showposts, (2) sortby, and (3) sortorder parameters. | | | | | |
| CVE-2008-2451 | 1 Inmedias | 1 Statistics | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Statistics (aka ke_stats) extension 0.1.2 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | | | | | |
| CVE-2008-5306 | 1 Pilot Group | 1 Pg Real Estate Solution | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PG Real Estate Solution allows remote attackers to execute arbitrary SQL commands via the login_lg parameter (username). NOTE: some of these details are obtained from third party information. | | | | | |
| CVE-2008-5972 | 1 Activewebsoftwares | 1 Active Business Directory | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | | | | | |
| CVE-2008-1935 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the idFiliale parameter. | | | | | |
| CVE-2009-1282 | 1 Glfusion | 1 Glfusion | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter. | | | | | |
| CVE-2009-1500 | 1 Projectcms | 1 Projectcms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter. | | | | | |
| CVE-2009-3967 | 1 Ed Charkow | 1 Supercharged Linking | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2009-3419 | 1 Intesync | 1 Miniweb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Publisher module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter. | | | | | |
| CVE-2007-5104 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Arcade module in bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the gid parameter in a play_game action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2007-5997 | 1 Softbizscripts | 1 Banner Exchange Network Script | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in campaign_stats.php in Softbiz Banner Exchange Network Script 1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2009-2789 | 2 Joomla, Permis | 2 Joomla, Com Groups | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Permis (com_groups) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a list action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2007-4952 | 1 Omnistar Interactive | 1 Omnistar Article Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. | | | | | |
| CVE-2007-5084 | 1 Broadcom | 1 Brightstor Hierarchical Storage Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others. | | | | | |
| CVE-2008-3673 | 1 Pozscripts | 1 Classified Ads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browsecats.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3672. | | | | | |
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | | | | | |
| CVE-2008-1733 | 2 Joomla, Pragmaticutopia | 2 Joomla, Com Puarcade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. | | | | | |
| CVE-2008-4348 | 1 Outshine | 1 Phportfolio | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2008-4093 | 1 Yourownbux | 1 Yourownbux | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | | | | | |
| CVE-2009-2891 | 1 Phpscriptsnow | 1 Riddles | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter. | | | | | |
| CVE-2008-6625 | 1 Webbdomain | 1 Polls | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka Poll) 1.0 and 1.01 allows remote attackers to execute arbitrary SQL commands via the username parameter. | | | | | |
| CVE-2007-5189 | 1 X-script | 1 Guestbook | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | | | | | |
| CVE-2008-5816 | 1 Ilias | 1 Ilias | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter. | | | | | |
| CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | | | | | |
| CVE-2008-3672 | 1 Pozscripts | 1 Classified Ads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | | | | |
| CVE-2008-4912 | 1 Rs Maxsoft | 2 Fotogalerie, Rs Maxsoft | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | | | | | |
| CVE-2009-1433 | 1 Silverstripe | 1 Silverstripe | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter. | | | | | |
| CVE-2007-3677 | 1 Maxsi | 1 Evisit Analyst | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) idsp1.pl, (2) ip.pl, and (3) einsite_director.pl. NOTE: this issue can be leveraged for path disclosure from resulting error messages. | | | | | |
| CVE-2008-0846 | 2 Joomla, Mambo | 2 Com Profile, Com Profile | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter. | | | | | |
| CVE-2009-3434 | 3 Joomla, Mambo, Onestopjoomla | 3 Joomla, Mambo, Com Tupinambis | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. | | | | | |
| CVE-2008-2381 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. | | | | | |
| CVE-2009-2102 | 2 Com Jumi, Joomla | 2 Com Jumi, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and possibly other versions for Joomla allows remote attackers to execute arbitrary SQL commands via the fileid parameter to index.php. | | | | | |
| CVE-2008-5289 | 1 Scripts4you | 1 Clean Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | | | | | |
| CVE-2008-6779 | 1 Phpnuke | 2 Php-nuke, Sarkilar Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a showcontent action to modules.php. | | | | | |
| CVE-2009-4338 | 2 Jean-david Gadina, Typo3 | 2 Slideshow, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Flash SlideShow (slideshow) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | | | | | |
| CVE-2008-0827 | 1 Phpnuke | 1 Book | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | | | | | |
| CVE-2006-6109 | 1 Candypress | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. | | | | | |