Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6881 | 2 Joomla, Joompolitan | 2 Joomla\!, Com Livechat | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the last parameter to (1) getChat.php, (2) getChatRoom.php, and (3) getSavedChatRooms.php.
|
|||||
| CVE-2008-6245 | 1 Scripts-for-sites | 1 Ez Biz Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ BIZ PRO allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3030 | 1 Efes Tech Shop | 1 Efes Tech Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in an urunler action.
|
|||||
| CVE-2008-4786 | 1 E107 | 2 E107, Easyshop Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in easyshop.php in the EasyShop plugin for e107 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
|||||
| CVE-2009-1258 | 2 Joomla, Rd-media | 2 Joomla, Com Rdautos | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the RD-Autos (com_rdautos) component 1.5.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the makeid parameter in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0371 | 1 Alilg | 1 Alitalk | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details ...
Show More |
|||||
| CVE-2009-1548 | 1 Qsix | 1 Blusky Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BluSky CMS allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a read action.
|
|||||
| CVE-2008-6078 | 1 Limbo Cms | 2 Com Privmsg, Limbo Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in open.php in the Private Messaging (com_privmsg) component for Limbo CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a pms action to index.php.
|
|||||
| CVE-2007-5912 | 1 Jportal | 1 Jportal Web Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
|
|||||
| CVE-2009-2157 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to execute arbitrary SQL commands via (1) the origmsg parameter to account-inbox.php; the categ parameter to (2) delreq.php and (3) admin-delreq.php; (4) the choice parameter to index.php; (5) the id parameter to modrules.php in an edited (aka edit) action; the (6) user, (7) torrent, (8) forumid, and (9) forumpost parameters to report.php; (10) the delmp parameter to take-deletepm.php; (11) the ...
Show More |
|||||
| CVE-2009-3973 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.
|
|||||
| CVE-2008-4352 | 1 Phpsmartcom | 1 Phpsmartcom | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/pages/viewprofile.php in phpSmartCom 0.2 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a viewprofile action to index.php.
|
|||||
| CVE-2007-5187 | 1 Php-fusion | 1 Expanded Calendar Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
|
|||||
| CVE-2009-1263 | 2 Alikonweb, Joomla | 2 Com Bookjoomlas, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sub_commententry.php in the BookJoomlas (com_bookjoomlas) component 0.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a comment action to index.php.
|
|||||
| CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter.
|
|||||
| CVE-2008-0518 | 2 Joomla, Mambo | 2 Com Recipes, Com Recipes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2008-0517 | 3 Darko Selesi, Joomla, Mambo | 3 Estateagent, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
|
|||||
| CVE-2008-1297 | 3 Ewriting, Joomla, Mambo | 3 Ewriting, Com Ewriting, Com Ewriting | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the eWriting (com_ewriting) 1.2.1 module for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
|
|||||
| CVE-2008-6741 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands by setting the db_character_set parameter to a multibyte character set such as big5, which causes the addslashes PHP function to produce a "\" (backslash) sequence that does not quote the "'" (single quote) character, as demonstrated via a manlabels action to index.php.
|
|||||
| CVE-2007-6172 | 1 Wire Plastic Design | 1 Wpquiz | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php.
|
|||||
| CVE-2007-6291 | 1 Xigla | 1 Absolute Banner Manager.net | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in abm.aspx in Xigla Absolute Banner Manager .NET 4.0 allows remote attackers to execute arbitrary SQL commands via the z parameter.
|
|||||
| CVE-2008-0682 | 1 Wordpress | 1 Wordspew | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6350 | 1 Turnkeyforms | 1 Local Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in listtest.php in TurnkeyForms Local Classifieds allows remote attackers to execute arbitrary SQL commands via the r parameter.
|
|||||
| CVE-2008-6372 | 1 Ocean12tech | 1 Faq Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a Cat action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3751 | 1 Yourfreeworld | 1 Short Url And Url Tracker Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5924 | 1 Asp-dev | 1 Xm Events Diary | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0678 | 1 Blogphp | 1 Blogphp | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a page action.
|
|||||
| CVE-2008-1726 | 1 Myknowledgequest | 1 Knowledgequest | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.
|
|||||
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.
|
|||||
| CVE-2008-6088 | 2 Joomla, Joomtracker | 2 Joomla, Com Joomtracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 module for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tordetails action to index.php.
|
|||||
| CVE-2007-5449 | 1 Softbiz | 1 Recipes Portal Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in searchresult.php in Softbiz Recipes Portal Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter.
|
|||||
| CVE-2008-6749 | 1 China-on-site | 1 Flexphpdirectory | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.
|
|||||
| CVE-2009-4540 | 1 Bpowerhouse | 1 Mini Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6258 | 1 Quadcomm | 1 Q-shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.
|
|||||
| CVE-2007-6143 | 1 Vu | 1 Case Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp (aka the Login Page) in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
|||||
| CVE-2008-4353 | 1 Linkarity | 1 Linkarity | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in link.php in Linkarity allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. NOTE: although one component of Linkarity is distributable PHP code, this issue might be site-specific. If so, it should not be included in CVE.
|
|||||
| CVE-2009-3215 | 2 Joomla, Php-shop-system | 2 Joomla, Ixxo Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.
|
|||||
| CVE-2009-3661 | 2 Blueconstantmedia, Joomla | 2 Com Djcatalog, Joomla | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php.
|
|||||
| CVE-2008-4203 | 1 Czaries | 1 Czarnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie.
|
|||||
| CVE-2008-0787 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before 1.2.12 allows remote authenticated users to execute arbitrary SQL commands via the options[disablesmilies] parameter to private.php.
|
|||||