Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5865 | 2 Joomla, Joomlahbs | 2 Joomla, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
|
|||||
| CVE-2008-2460 | 1 Vbulletin | 1 Vbulletin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows remote attackers to execute arbitrary SQL commands via the q parameter in a search action.
|
|||||
| CVE-2007-6217 | 1 Irola | 1 My-time | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0282 | 1 Domphp | 1 Domphp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter.
|
|||||
| CVE-2008-2904 | 1 Phpmycart | 1 Phpmycart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.
|
|||||
| CVE-2008-3132 | 1 Joomla | 1 Com Beamospetition | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.
|
|||||
| CVE-2008-6274 | 1 Mjcreation | 1 Familyproject | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2487 | 1 Maxsite | 1 Maxsite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a webboard action.
|
|||||
| CVE-2009-4571 | 1 Phpshop | 1 Phpshop | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, ...
Show More |
|||||
| CVE-2007-5151 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie.
|
|||||
| CVE-2007-1171 | 1 Nukescripts | 1 Nukesentinel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.
|
|||||
| CVE-2008-4043 | 1 Aj Square | 1 Aj Hyip | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.
|
|||||
| CVE-2008-4766 | 1 O2php | 1 Oxygen Bulletin Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in member.php in Oxygen Bulletin Board 1.1.3 allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-4203 | 1 Arabportal | 1 Arab Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.
|
|||||
| CVE-2008-2671 | 1 Dcfm Blog | 1 Dcfm Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0557 | 1 Mamboserver | 1 Catalogshop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the CatalogShop (com_catalogshop) 1.0b1 componenent for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2008-6254 | 1 Jadu | 1 Jadu Galaxies | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scripts/documents.php in Jadu Galaxies allows remote attackers to execute arbitrary SQL commands via the categoryID parameter.
|
|||||
| CVE-2008-6017 | 1 I-rater | 1 I-rater Basic | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter.
|
|||||
| CVE-2008-6100 | 1 Berlios | 1 Discussion Forum 2k | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.
|
|||||
| CVE-2008-4991 | 1 Ec-cube | 1 Ec-cube | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter.
|
|||||
| CVE-2008-4423 | 1 Ovidentia | 1 Ovidentia | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
|
|||||
| CVE-2008-1961 | 1 Php Resource | 1 Voice Of Web Allmyguests | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.
|
|||||
| CVE-2008-1632 | 1 Emedia Office Gmbh | 1 Cuteflow | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) listid parameter to pages/editmailinglist_step1.php, the (2) userid parameter to pages/edituser.php, the (3) fieldid parameter to pages/editfield.php, and the (4) templateid to pages/edittemplate_step1.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0224 | 1 Runcms | 1 Runcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Newbb_plus 0.92 and earlier module in RunCMS 1.6.1 allows remote attackers to execute arbitrary SQL commands via the Client-Ip parameter.
|
|||||
| CVE-2009-4424 | 2 Imotta, Wordpress | 2 Pyrmont Plugin, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5888 | 1 Icash | 1 Click\&rank | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4600 | 1 Netartmedia | 1 Media Real Estate Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2692 | 1 Joomla | 1 Com Yvcomment | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
|
|||||
| CVE-2008-0173 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified parameters, related to RSS exports.
|
|||||
| CVE-2008-1763 | 1 Blogator Script | 1 Blogator Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter.
|
|||||
| CVE-2009-3501 | 1 Bpowerhouse | 1 Bpstudents | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action.
|
|||||
| CVE-2009-2554 | 2 Joomla, Olle Johansson | 2 Joomla, Jobline | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.
|
|||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem.
|
|||||
| CVE-2008-6189 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in GForge 4.5.19 allows remote attackers to execute arbitrary SQL commands via the offset parameter to (1) new/index.php, (2) news/index.php, and (3) top/topusers.php, which is not properly handled in database-pgsql.php.
|
|||||
| CVE-2007-6484 | 1 Phprpg | 1 Phprpg | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in phpRPG 0.8 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-0395 | 1 Netartmedia | 1 Car Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the login feature in NetArt Media Car Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2008-4143 | 1 Razorecommerce | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2846 | 1 Boatscripts | 1 Boatscripts Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter.
|
|||||
| CVE-2008-0796 | 1 Nuboard | 1 Nuboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in threads.php in Nuboard 0.5 allows remote attackers to execute arbitrary SQL commands via the ssid parameter.
|
|||||