Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2007-4736 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| CVE-2008-2125 | 1 Musicbox | 1 Musicbox | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and 2.3.7 allows remote attackers to execute arbitrary SQL commands via the artistId parameter. |
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2025-04-09 | 2.1 LOW | 7.2 HIGH | Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-2627 | 1 Joomla | 1 Com Idoblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 and earlier and 1.0, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the userid parameter in a userblog action to index.php. |
| CVE-2008-6180 | 1 Newlife Blogger | 1 Newlife Blogger | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. |
| CVE-2008-3757 | 1 Yourfreeworld | 1 Forced Matrix Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-4762 | 1 E-smart Cart | 1 E-smart Cart | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. |
| CVE-2006-6880 | 1 Php-update | 1 Php-update | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in code/guestadd.php in PHP-Update 2.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) newmessage, (2) newname, (3) newwebsite, or (4) newemail parameter. |
| CVE-2009-3342 | 2 Alphaplug, Joomla | 2 Com Alphauserpoints, Joomla! | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in frontend/assets/ajax/checkusername.php in the AlphaUserPoints (com_alphauserpoints) component 1.5.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the username2points parameter. |
| CVE-2009-1853 | 1 Kenseiboard | 1 Kensei Board | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. |
| CVE-2008-5295 | 1 Jamit Software | 1 Jamit Job Board | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 allows remote attackers to execute arbitrary SQL commands via the show_emp parameter. |
| CVE-2008-4525 | 1 Ampjuke | 1 Ampjuke | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows remote attackers to execute arbitrary SQL commands via the special parameter in a performerid action. |
| CVE-2008-3513 | 1 Php Nuke | 1 Basis Consultant Book Catalog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. |
| CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. |
| CVE-2008-5772 | 1 Aspsiteware | 1 Realtylistings | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp. |
| CVE-2008-2036 | 1 Dream4 | 1 Koobi | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter in a poll action. |
| CVE-2009-1819 | 1 2daybiz | 1 Custom T-shirt Design Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-0355 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. |
| CVE-2009-3316 | 2 Jforjoomla, Joomla | 2 Com Jreservation, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the JReservation (com_jreservation) component 1.0 and 1.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a propertycpanel action to index.php. |
| CVE-2007-4552 | 1 Agares Media | 1 Arcadem | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 allows remote attackers to execute arbitrary SQL commands via the blockpage parameter. NOTE: as of 20070827, the vendor has made conflicting statements regarding whether this issue exists or not. |
| CVE-2008-3591 | 1 21degrees | 1 Symphony | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php. |
| CVE-2008-3256 | 1 Siteframe | 2 Siteframe Beaumont, Siteframe Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and earlier, and Siteframe Beaumont 5.0.5 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3505 | 1 Vastal | 1 Mmorpg Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460. |
| CVE-2008-6104 | 1 A4desk | 1 A4desk Flash Event Calendar | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in A4Desk PHP Event Calendar allows remote attackers to execute arbitrary SQL commands via the eventid parameter to admin/index.php. |
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. |
| CVE-2008-6188 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. |
| CVE-2008-0719 | 1 Oscommerce | 2 Customer Testimonials, Oscommerce | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. |
| CVE-2008-0739 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter. |
| CVE-2008-4157 | 1 Vastal | 1 Phpvid | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected. |
| CVE-2008-5122 | 1 Ektron | 1 Cms4000.net | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in Ektron CMS400.NET 7.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the res parameter. |
| CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. |
| CVE-2008-5928 | 1 Flds-script | 1 Flds | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in redir.php in Free Links Directory Script (FLDS) 1.2a allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. |
| CVE-2008-0421 | 1 Invision Power Services | 1 Invision Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. |
| CVE-2008-5628 | 1 Little Cms | 1 Little Cms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in CMS little 0.0.1 allows remote attackers to execute arbitrary SQL commands via the term parameter. |
| CVE-2007-0789 | 1 Mambo | 1 Mambo | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. |
| CVE-2008-0942 | 1 Aeries | 1 Aeries Student Information System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter. |
| CVE-2007-0875 | 1 Mcrefer | 1 Mcrefer | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this issue has been disputed by a third party, stating that the file does not use a SQL database. |
| CVE-2008-0616 | 1 Dmsguestbook Project | 1 Dmsguestbook | 2025-04-09 | 6.5 MEDIUM | N/A | SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. |
| CVE-2008-3191 | 1 Marcioforum | 1 Mforum | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) City, (2) Interest, (3) Email, (4) Icq, (5) msn, or (6) Yahoo Messenger field in an edit_profile action. |