Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-1872 | 1 Comdev | 1 Comdev News Publisher | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2009-4104 | 2 Joomla, Lyften | 2 Joomla!, Com Lyftenbloggie | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Lyften Designs LyftenBloggie (com_lyftenbloggie) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the author parameter to index.php. |
| CVE-2008-1464 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-2678 | 1 Telephone | 1 Telephone Directory 2008 | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php. |
| CVE-2008-0430 | 1 360 Web Manager | 1 360 Web Manager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. |
| CVE-2008-1137 | 2 Joomla, Mambo | 2 Com Garyscookbook, Com Garyscookbook | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. |
| CVE-2008-4904 | 1 Typosphere | 1 Typo | 2025-04-09 | 6.0 MEDIUM | N/A | SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter. |
| CVE-2008-3382 | 1 Mojoscripts | 1 Mojoclassifieds | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. |
| CVE-2008-1631 | 1 Emedia Office Gmbh | 1 Cuteflow | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php. |
| CVE-2007-0794 | 1 Globalmegacorp | 1 Dvddb | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions |
| CVE-2009-3510 | 1 Dataspheric | 1 Linkspheric | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewListing.php in linkSpheric 0.74 Beta 6 allows remote attackers to execute arbitrary SQL commands via the listID parameter. |
| CVE-2008-2529 | 1 Advanced Links Management | 1 Advanced Links Management | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId parameter. |
| CVE-2008-4890 | 1 1st News | 1 4 Professional | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2416 | 1 Fichive | 1 Fichive | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in FicHive 1.0 allows remote attackers to execute arbitrary SQL commands via the category parameter in a Fiction action, possibly related to sources/fiction.class.php. |
| CVE-2008-4757 | 1 Php-daily | 1 Php-daily | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php. |
| CVE-2007-6579 | 1 Ip Reg | 1 Ip Reg | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote attackers to execute arbitrary SQL commands via the vlan_id parameter to (1) vlanview.php, (2) vlanedit.php, and (3) vlandel.php; the (4) assetclassgroup_id parameter to assetclassgroupview.php; the (5) subnet_id parameter to nodelist.php; and unspecified other vectors. NOTE: it was later reported that the vlanview.php and vlandel.php vectors are also in 0.4. |
| CVE-2008-2504 | 1 Simpel Side | 1 Netbutik | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 through 4 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to netbutik.php and the (2) id parameter to product.php. |
| CVE-2008-0880 | 1 Phpnuke | 1 Easycontent Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. |
| CVE-2008-5486 | 1 Turnkeyforms | 1 Text Link Sales | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2685 | 1 Battleblog | 1 Battleblog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter, a different vector than CVE-2008-2626. |
| CVE-2008-2532 | 1 Aj Square | 1 Aj Hyip | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3788 | 1 Opendocman | 1 Opendocman | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter. |
| CVE-2009-3224 | 2 68classifieds, Classified-software | 2 68 Classifieds, Super Mod System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Super Mod System, when using the 68 Classifieds 3.1 Core System, allows remote attackers to execute arbitrary SQL commands via the s parameter. |
| CVE-2007-6169 | 1 Gouae | 1 Dwd Realty | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the uname parameter, a different vector than CVE-2007-6163. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2006-7118 | 1 Dmxready | 1 Site Engine Manager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.asp in DMXReady Site Engine Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| CVE-2008-2903 | 1 Awbs | 1 Advanced Webhost Billing System | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter. |
| CVE-2008-0279 | 1 Xforum | 1 Xforum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. |
| CVE-2008-4884 | 1 Yourfreeworld | 1 Classifieds Hosting Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-4590 | 1 Stash | 1 Stash | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to admin/login.php and (2) the post parameter to admin/news.php. |
| CVE-2008-3359 | 1 Owl | 1 Intranet Knowledgebase | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2009-0252 | 1 Enthrallweb | 1 Ereservations | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information. |
| CVE-2007-6004 | 1 Toko | 1 Instan | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an artikel action or (2) the katid parameter in a produk action. |
| CVE-2009-2545 | 1 Anelectron | 1 Advanced Electron Forum | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-6394 | 1 P3mbo | 1 Content Injector | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Content Injector 1.53 allows remote attackers to execute arbitrary SQL commands via the id parameter in an expand action. |
| CVE-2008-4621 | 1 Zeescripts | 1 Zeeproperty | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in bannerclick.php in ZeeScripts Zeeproperty allows remote attackers to execute arbitrary SQL commands via the adid parameter. |
| CVE-2008-6155 | 1 Hispah | 1 Text Links Ads | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 allows remote attackers to execute arbitrary SQL commands via the idtl parameter in a buy action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-6527 | 1 Go4i | 1 Go41.net Asp Forum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the iFor parameter. |
| CVE-2008-5588 | 1 Katywhitton | 1 Rankem | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the siteID parameter. |
| CVE-2008-6992 | 1 Greensql | 1 Greensql Firewall | 2025-04-09 | 7.5 HIGH | N/A | GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL. |
| CVE-2009-3343 | 1 Hotwebscripts | 1 Hotweb Rentals | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in details.asp in HotWeb Rentals allows remote attackers to execute arbitrary SQL commands via the PropId parameter. |