Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6114 | 2 E107, Mytipper | 2 E107, Zogo Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter.
|
|||||
| CVE-2008-4755 | 1 Pozscripts | 1 Classified Auctions Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2866 | 1 Caupo.net | 1 Cauposhop Classic | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in csc_article_details.php in Caupo.net CaupoShop Classic 1.3 allows remote attackers to execute arbitrary SQL commands via the saArticle[ID] parameter.
|
|||||
| CVE-2008-3944 | 1 Discountedscripts | 1 Acg Ptp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action.
|
|||||
| CVE-2008-1336 | 1 Koobi | 1 Koobi Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows remote attackers to execute arbitrary SQL commands via the categ parameter in a links action to index.php, a different vector than CVE-2008-1122.
|
|||||
| CVE-2008-5785 | 1 V3chat | 1 V3 Chat Profiles Dating Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
|
|||||
| CVE-2008-1496 | 1 Peel | 1 Peel | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.
|
|||||
| CVE-2008-6272 | 1 Miticdjd | 1 Apoll | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter.
|
|||||
| CVE-2008-4173 | 1 Proarcadescript | 1 Proarcadescript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ProArcadeScript 1.3 allows remote attackers to execute arbitrary SQL commands via the random parameter to the default URI.
|
|||||
| CVE-2008-2197 | 1 Miniweb2 | 1 Blog Writer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
|
|||||
| CVE-2009-1245 | 1 Cccp-common-clan-portal-pasterbin | 1 Cccp Pastebin | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4386 | 1 Bookingcentre | 1 Booking System For Hotels Group | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.
|
|||||
| CVE-2008-3119 | 1 Dreamlevels | 1 Dream Pics Builder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in DreamPics Builder allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2008-6040 | 1 Agares Media | 1 Arcadem Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.
|
|||||
| CVE-2008-2560 | 1 Fourtwosevenbb | 1 427bb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter.
|
|||||
| CVE-2007-6671 | 1 Instantsoftwares | 1 Dating Site | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Password parameter, a different product than CVE-2006-6021. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2856 | 1 Ownrs | 1 Ownrs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5165 | 1 Eticket | 1 Eticket | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote attackers to execute arbitrary SQL commands via the pri parameter to (1) index.php, (2) open.php, (3) open_raw.php, and (4) newticket.php.
|
|||||
| CVE-2009-0384 | 1 Adam Tomecek | 1 Ownrs | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0604 | 1 Php Director | 1 Php Director | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.
|
|||||
| CVE-2009-4423 | 1 Weentech | 1 Weencompany | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in weenCompany 4.0.0 allows remote attackers to execute arbitrary SQL commands via the moduleid parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1911 | 1 1024 Cms | 1 1024 Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 beta and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a cookpass cookie.
|
|||||
| CVE-2008-0878 | 1 Runcms | 1 Myannonces | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the MyAnnonces 1.7 and earlier module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
|
|||||
| CVE-2008-4517 | 1 Geccbblite | 1 Geccbblite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp.
|
|||||
| CVE-2009-3758 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1840 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
|
|||||
| CVE-2009-2592 | 1 Phpjunkyard | 1 Gbook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 allows remote attackers to execute arbitrary SQL commands via the mes_id parameter.
|
|||||
| CVE-2009-4037 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7, and 2.2.x before 2.2 RC, allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/db/users_db.inc, and various other .inc and .php files under (2) admin/, (3) dimensions/, (4) gl/, (5) inventory/, (6) manufacturing/, and (7) purchasing/.
|
|||||
| CVE-2007-4714 | 1 Yvora | 1 Yvora | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in error_view.php in Yvora 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080.
|
|||||
| CVE-2008-6889 | 1 Activewebsoftwares | 1 Aspreferral | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
|
|||||
| CVE-2008-1344 | 1 Myiosoft | 1 Easycalendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in a dayview action to plugins/calendar/calendar_backend.php and the (2) page parameter to ajaxp_backend.php.
|
|||||
| CVE-2009-2640 | 1 Interlogy | 1 Profile Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
|
|||||
| CVE-2009-2593 | 1 Censura | 1 Censura | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action.
|
|||||
| CVE-2008-4744 | 1 Dxproscripts | 1 Dxshopcart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2009-2008 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.
|
|||||
| CVE-2007-5688 | 3 Invision Power Services, Phpbb, Sebflipper | 3 Invision Power Board, Phpbb, Multi-forums Module | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in directory.php in the Multi-Forums (aka Multi Host Forum Pro) module 1.3.3, for phpBB and Invision Power Board (IPB or IP.Board), allow remote attackers to execute arbitrary SQL commands via the (1) go and (2) cat parameters.
|
|||||
| CVE-2008-2915 | 1 Preprojects | 1 Pre Job Board | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php (aka the search module) in Pre Job Board allow remote attackers to execute arbitrary SQL commands via the (1) position or (2) kw parameter.
|
|||||
| CVE-2009-1947 | 1 Newsboard | 1 Unclassified Newsboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686.
|
|||||