Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter.
|
|||||
| CVE-2008-2632 | 1 Joomla | 2 Com Acctexp, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php.
|
|||||
| CVE-2008-3669 | 1 Zeescripts | 1 Zeereviews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP Script (aka ZeeReviews) allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
|
|||||
| CVE-2008-2875 | 1 Webdevindo-cms | 1 Webdevindo-cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 allows remote attackers to execute arbitrary SQL commands via the hal parameter.
|
|||||
| CVE-2008-0469 | 1 Tiger Php News System | 1 Tiger Php News System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action.
|
|||||
| CVE-2009-3148 | 1 Portalxp | 1 Portalxp | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.
|
|||||
| CVE-2008-4886 | 1 Yourfreeworld | 1 Shopping Cart Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.
|
|||||
| CVE-2007-4835 | 1 Phpmyquote | 1 Phpmyquote | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
|
|||||
| CVE-2008-3487 | 1 Phpauctions | 1 Phpauction Gpl Enhanced | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced 2.51 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0154 | 1 Evilboard | 1 Evilboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter.
|
|||||
| CVE-2008-4716 | 1 Scriptdemo | 1 Php-lance | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2009-2021 | 1 Virtuenetz | 1 Virtue Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2008-6282 | 1 Ortus.nirn | 1 Cms Ortus | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.
|
|||||
| CVE-2009-3190 | 1 Pad-site-scripts | 1 Pad Site Scripts | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.
|
|||||
| CVE-2009-1804 | 1 Videoscript | 1 Youtube Video Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql.
|
|||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp.
|
|||||
| CVE-2008-2850 | 1 Drupal | 1 Trailscout Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API.
|
|||||
| CVE-2008-1863 | 1 Prozilla | 1 Cheats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1766 | 1 Teozkr | 1 Lightopencms | 2025-04-09 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3383 | 1 Mojoscripts | 1 Mojoauto | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action.
|
|||||
| CVE-2007-5996 | 1 Softbizscripts | 1 Link Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449.
|
|||||
| CVE-2008-1608 | 1 Clever Copy | 1 Clever Copy | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583.
|
|||||
| CVE-2008-5798 | 1 Typo3 | 2 Cms Poll System Extension, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3594 | 1 Magicscripts | 2 E-store Kit-1, E-store Kit-2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewdetails.php in MagicScripts E-Store Kit-1, E-Store Kit-2, E-Store Kit-1 Pro PayPal Edition, and E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2006-6402 | 1 Mystats | 1 Mystats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.
|
|||||
| CVE-2008-2972 | 1 Kblance | 1 Kblance | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in KbLance allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a comment action.
|
|||||
| CVE-2007-5131 | 1 Interspire | 1 Activekb Nx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected.
|
|||||
| CVE-2008-5643 | 2 Joomla, Mambo | 3 Com Books, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Books (com_books) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter in a book_details action to index.php.
|
|||||
| CVE-2009-1065 | 1 Getpixie | 1 Pixie Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the x parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-6164 | 1 Eurologon | 1 Eurologon Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Eurologon CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) reviews.php, (2) links.php and (3) articles.php.
|
|||||
| CVE-2008-6427 | 1 Hivemaker | 1 Hivemaker | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2006-6349 | 1 Pwp Technologies | 1 The Classified Ad System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
|
|||||
| CVE-2008-1220 | 1 Phpnuke | 1 4nchat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the roomid parameter in an index action to modules.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2781 | 1 Dzoic | 1 Handshakes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 allows remote attackers to execute arbitrary SQL commands via the fname parameter in a members search action.
|
|||||
| CVE-2008-3238 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow remote attackers to execute arbitrary SQL commands via (1) the seller_id parameter in sellers_othersitem.php, (2) the productid parameter in classifieds.php, and (3) the id parameter in shop.php.
|
|||||
| CVE-2008-4617 | 3 Joomla, Mambo-foundation, Pyxicom | 3 Joomla, Mambo, Actualite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0907 | 1 Php-nuke | 1 Inhalt Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Inhalt module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2010-0158 | 2 Joomla, Joomlabamboo | 2 Joomla, Jb Simpla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoomlaBamboo (JB) Simpla Admin template for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to the com_content component, reachable through index.php. NOTE: the vendor disputes this report, saying: "JoomlaBamboo has investigated this report, and it is incorrect. There is no SQL injection vulnerability involving the id parameter in an article view, and there never was. JoomlaBamboo customers have no r ...
Show More |
|||||
| CVE-2008-3307 | 1 Youtube Blog | 1 Youtube Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306.
|
|||||