Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3208 | 1 Prakashatma Mishra | 1 Phpfreebb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to permalink.php and (2) year parameter to index.php.
|
|||||
| CVE-2008-4466 | 1 Vastal I-tech | 1 Cosmetics Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_products_cat.php in Vastal I-Tech Cosmetics Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp.
|
|||||
| CVE-2008-0916 | 1 Highwood Design | 1 Hwdvideoshare | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Highwood Design hwdVideoShare (com_hwdvideoshare) 1.1.3 Alpha component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a viewcategory action to index.php.
|
|||||
| CVE-2008-6033 | 1 Wsn Links | 1 Wsn Links | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2669 | 1 Y-blog | 1 Yblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the q parameter to search.php, or the n parameter to (2) user.php or (3) uss.php.
|
|||||
| CVE-2008-6378 | 1 Mxmania | 1 Calendar Mx Professional | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx Professional 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2009-3480 | 2 Isygen, Joomla | 2 Icrm Basic, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! allows remote attackers to execute arbitrary SQL commands via the p3 parameter to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2697 | 2 Joomla, Rapid-source | 2 Com Rapidrecipe, Rapid Recipe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) component 1.6.6 and 1.6.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the recipe_id parameter in a viewrecipe action to index.php.
|
|||||
| CVE-2008-2263 | 1 Cmsnx | 1 Automated Link Exchange Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in linking.page.php in Automated Link Exchange Portal allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: linking.page.php is commonly renamed to link.php, links.php, etc.
|
|||||
| CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php.
|
|||||
| CVE-2009-1034 | 1 Drupal | 1 Tasklist | 2025-04-09 | 10.0 HIGH | N/A |
|
SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.
|
|||||
| CVE-2008-4574 | 1 Aspindir | 1 Ayco Okul Portali | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
|
|||||
| CVE-2009-1023 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpComasy 0.9.1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter.
|
|||||
| CVE-2009-3336 | 1 Phpprobid | 1 Php Pro Bid | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auction_details.php in PHP Pro Bid allows remote attackers to execute arbitrary SQL commands via the auction_id parameter.
|
|||||
| CVE-2007-6078 | 1 Skyportal | 1 Skyportal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) nc_top.asp; (2) inc_bookmarks.asp, possibly involving a parameter passed from cp_main.asp; (3) inc_profile_functions.asp; or (4) inc_SUBSCRIPTIONS.asp; or the (5) Avatar_URL, (6) LINK1, or (7) LINK2 parameter to cp_main.asp in an EditIt action.
|
|||||
| CVE-2008-2129 | 1 Cine | 1 Galleristic | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Galleristic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2007-5181 | 1 Netkamp | 1 Netkamp Emlak Scripti | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti allows remote attackers to execute arbitrary SQL commands via the ilan_id parameter.
|
|||||
| CVE-2008-6798 | 1 Preprojects | 1 Pre Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.php in Pre Projects Pre Real Estate Listings allow remote attackers to execute arbitrary SQL commands via (1) the us parameter (aka the Username field) or (2) the ps parameter (aka the Password field).
|
|||||
| CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php.
|
|||||
| CVE-2009-0302 | 1 Php-nuke | 1 Downloads Module | 2025-04-09 | 4.6 MEDIUM | N/A |
|
SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php.
|
|||||
| CVE-2008-6379 | 1 Mxmania | 1 Gallery Mx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2008-4142 | 1 Ephpscripts | 1 E-php Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter.
|
|||||
| CVE-2008-2819 | 1 Blognplus | 1 Blognplus | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6284 | 1 1scripts | 1 Z1exchange | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter.
|
|||||
| CVE-2008-4653 | 1 Xoops | 2 Makale, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in makale.php in Makale 0.26 and possibly other versions, a module for XOOPS, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3116 | 1 Uiga | 1 Church Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action.
|
|||||
| CVE-2008-6813 | 1 Surat Kabar | 1 Phpwebnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
|
|||||
| CVE-2008-5877 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444 ...
Show More |
|||||
| CVE-2008-2536 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter.
|
|||||
| CVE-2009-3697 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
|
|||||
| CVE-2009-0882 | 1 Roman Bogorodskiy | 1 Nforum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php.
|
|||||
| CVE-2008-1650 | 1 Myiosoft | 1 Easynews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 allows remote attackers to execute arbitrary SQL commands via the read parameter in an edp_Help_Internal_News action.
|
|||||
| CVE-2009-2607 | 2 Joomla, Pinme | 2 Joomla, Com Pinboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_pinboard component for Joomla! allows remote attackers to execute arbitrary SQL commands via the task parameter in a showpic action to index.php.
|
|||||
| CVE-2008-6485 | 1 Softcomplex | 1 Php Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery allows remote attackers to execute arbitrary SQL commands via the ctg parameter.
|
|||||
| CVE-2009-2120 | 1 Tekbase | 1 Tekbase All-in-one | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) ids parameter to admin.php, the (2) y parameter to members.php, and other unspecified vectors. NOTE: vector 1 requires administrative access.
|
|||||
| CVE-2008-2340 | 1 News Manager | 1 News Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in News Manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) lang parameter to (a) advsearch.php, (b) archive.php, and (c) index.php, and the (2) pid parameter to (d) list_tagitems.php.
|
|||||
| CVE-2008-3092 | 1 Drupal | 1 Taxonomy Autotagger Module | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-1975 | 1 Cogites | 1 E Reserve | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.
|
|||||