Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4701 | 1 Liberiacms | 1 Liberia Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin.php in Libera CMS 1.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_user cookie parameter, a different vector than CVE-2008-4700. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-0297 | 1 Clicktech | 1 Clickauction | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login_check.asp in ClickAuction allows remote attackers to execute arbitrary SQL commands via the (1) txtEmail and (2) txtPassword parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5739 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
|
|||||
| CVE-2008-6270 | 1 Miticdjd | 1 Apoll | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the user parameter.
|
|||||
| CVE-2008-4377 | 1 Creative Mind | 1 Creator Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.
|
|||||
| CVE-2007-4979 | 1 Kwsphp | 1 Kwsphp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2.
|
|||||
| CVE-2008-3154 | 1 Webblizzard | 1 Content Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in WebBlizzard CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter.
|
|||||
| CVE-2009-1655 | 1 Easy-scripts | 1 Answer And Question Script | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password.
|
|||||
| CVE-2008-6257 | 1 Openasp | 1 Openasp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Openasp 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idpage parameter in the pages module.
|
|||||
| CVE-2008-6014 | 1 Rianxosencabos Cms | 1 Rianxosencabos Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS 0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt.
|
|||||
| CVE-2008-3418 | 1 Willo | 1 Trio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in browse.php in TriO 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5132 | 1 Memht | 1 Memht Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
|
|||||
| CVE-2008-0677 | 1 A-blog | 1 A-blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in blog.php in A-Blog 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a news action.
|
|||||
| CVE-2008-5751 | 1 Alstrasoft | 1 Web Email Script Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.
|
|||||
| CVE-2008-2384 | 2 Apache, Joey Schulze | 2 Http Server, Mod Auth Mysql | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
|
|||||
| CVE-2007-6575 | 1 Brand039 | 1 Mmslamp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action.
|
|||||
| CVE-2007-6080 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/banners/click.php in the banners module for bcoos 1.0.10 allows remote attackers to execute arbitrary SQL commands via the bid parameter. NOTE: it was later reported that 1.0.13 is also affected.
|
|||||
| CVE-2007-6292 | 1 Mwopen | 1 E-commerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0811 | 1 Auracms | 1 Auracms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php.
|
|||||
| CVE-2008-3386 | 1 Alstrasoft | 1 Video Share Enterprise | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.
|
|||||
| CVE-2009-0493 | 1 Martin Unzner | 1 It\!cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username.
|
|||||
| CVE-2008-2191 | 1 Postnuke Software Foundation | 1 Pnencyclopedia | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php.
|
|||||
| CVE-2008-2522 | 1 Haudenschilt | 1 Battlenet Clan Script | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action.
|
|||||
| CVE-2009-0968 | 2 Fahlstad, Wordpress | 2 Fmoblog Plugin, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4906 | 2 E107, W1n78 | 2 E107, Lyrics | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5508 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the CTXSYS Intermedia application for the Oracle Text component (CTX_DOC) in Oracle Database 10.1.0.5 and 10.2.0.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) THEMES, (2) GIST, (3) TOKENS, (4) FILTER, (5) HIGHLIGHT, and (6) MARKUP procedures, aka DB03. NOTE: remote unauthenticated attack vectors exist when CTXSYS is used with oracle Application Server.
|
|||||
| CVE-2008-6853 | 1 Netcat | 1 Netcat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.
|
|||||
| CVE-2007-6171 | 1 Digium | 1 Asterisk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Postgres Realtime Engine (res_config_pgsql) in Asterisk 1.4.x before 1.4.15 and C.x before C.1.0-beta6 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.
|
|||||
| CVE-2008-0498 | 1 Bigware | 1 Bigware Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php.
|
|||||
| CVE-2008-2118 | 1 Project Alumni | 1 Project Alumni | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-5016 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows remote attackers to execute arbitrary SQL commands via the abc parameter.
|
|||||
| CVE-2007-4894 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and Wordpress multi-user (MU) before 1.2.5a allow remote attackers to execute arbitrary SQL commands via the post_type parameter to the pingback.extensions.getPingbacks method in the XMLRPC interface, and other unspecified parameters related to "early database escaping" and missing validation of "query string like parameters."
|
|||||
| CVE-2009-3645 | 2 Joomla, Joomlacache | 2 Joomla\!, Com Cbresumebuilder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoomlaCache CB Resume Builder (com_cbresumebuilder) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a group_members action to index.php.
|
|||||
| CVE-2008-3265 | 1 Joomla | 1 Com Dtregister | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the eventId parameter in a pay_options action to index.php.
|
|||||
| CVE-2007-6670 | 1 Phpcredo | 1 Phcdownload | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to execute arbitrary SQL commands via the string parameter.
|
|||||
| CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter.
|
|||||
| CVE-2008-3213 | 1 Webcms | 1 Webcms Portal Edition | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter to portal/index.php in a tablon action. NOTE: some of these details are obtained from third party information.
|
|||||