Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. |
| CVE-2008-2893 | 1 Ajhyip | 1 Aj Square Aj-hyip | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-2532. |
| CVE-2008-4150 | 1 Dieselscripts | 1 Diesel Joke Site | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763. |
| CVE-2008-0280 | 1 Mtcms | 1 Mtcms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter. |
| CVE-2008-5213 | 1 Aj Square | 1 Aj Article | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. |
| CVE-2009-1224 | 1 Scivox | 1 Vsp Stats Processor | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in vsp-core/pub/themes/bismarck/gamestat.php in vsp stats processor 0.45 allows remote attackers to execute arbitrary SQL commands via the gameID parameter. |
| CVE-2008-2477 | 1 Mx-system | 1 Mxbb Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in MxBB (aka MX-System) Portal 2.7.3 allows remote attackers to execute arbitrary SQL commands via the page parameter. |
| CVE-2009-2385 | 2 Fustrate, Simple Machines | 2 Member Awards, Smf | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information. |
| CVE-2008-0835 | 1 Simple Cms | 1 Simple Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the area parameter. |
| CVE-2008-3918 | 1 Ovidentia | 1 Ovidentia | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the field parameter in a search action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-6030 | 1 Netartmedia | 1 Jobs Portal | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php. |
| CVE-2009-1731 | 1 Mlffat | 1 Mlffat | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. |
| CVE-2008-1272 | 1 Bmscripts | 1 Bm Classifieds | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php. |
| CVE-2008-3403 | 1 Mojoscripts | 1 Mojopersonals | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2008-6150 | 1 Sepcity | 1 Classified Ads | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in classdis.asp in SepCity Classified Ads allows remote attackers to execute arbitrary SQL commands via the ID parameter. |
| CVE-2007-5490 | 1 Okulumunsitesi | 1 Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in Okul Otomasyon Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1481 | 1 Pjhome | 1 Puterjams Blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) 3.0.6.170 allows remote attackers to execute arbitrary SQL commands via the cname parameter in a checkAlias action, as exploited in the wild in April 2009. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2007-5678 | 1 Phpbasic | 1 Phpbasic | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. |
| CVE-2008-6475 | 1 Drake Team | 1 Drake Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php. |
| CVE-2008-4080 | 1 Stash | 1 Stash | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. |
| CVE-2007-0520 | 1 Unique Ads | 1 Unique Ads | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. |
| CVE-2008-4492 | 1 Yourownbux | 1 Yourownbux | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows remote attackers to execute arbitrary SQL commands via the usNick cookie. |
| CVE-2007-4837 | 1 Proxy Anket | 1 Proxy Anket | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-3938 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) 1.0.8x and earlier before 20070720 allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a view action in the Topics module, a different vulnerability than CVE-2006-1676. |
| CVE-2009-0741 | 1 Craftsilicon | 1 Banking@home | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter. |
| CVE-2009-0292 | 1 Shop-inet | 1 Shop-inet | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. |
| CVE-2007-3884 | 1 Aspindir | 1 Husrevforum | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected. |
| CVE-2008-6648 | 1 Ktools | 1 Photostore | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647. |
| CVE-2008-6443 | 1 Phpkf | 1 Phpkf | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter. |
| CVE-2008-4754 | 1 Scripts-for-sites | 1 Ez Forum | 2025-04-09 | 5.8 MEDIUM | N/A | SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. |
| CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2008-4613 | 1 Portalapp | 1 Portalapp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in forums.asp in PortalApp 4.0 allows remote attackers to execute arbitrary SQL commands via the sortby parameter. |
| CVE-2008-3788 | 1 Picturespro | 1 Picturespro Photo Cart | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) qtitle, (2) qid, and (3) qyear parameters to (a) search.php, and the (4) email and (5) password parameters to (b) _login.php. |
| CVE-2008-6730 | 1 China-on-site | 1 Flexphplink | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php. |
| CVE-2009-1622 | 1 Ecshop | 1 Ecshop | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. |
| CVE-2009-1651 | 1 2daybiz | 1 Business Community Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| CVE-2006-6747 | 1 Dreaxteam | 1 Xt-news | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in show_news.php in Xt-News 0.1 allows remote attackers to execute arbitrary SQL commands via the id_news parameter. |
| CVE-2009-3349 | 1 Datavore | 1 Gyro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in Datavore Gyro 5.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a cat action to the home component. |
| CVE-2008-6145 | 1 Typo3 | 2 Typo3, Wec Discussion Forum | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. |