Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter.
|
|||||
| CVE-2008-5494 | 2 Digitalgreys, Joomla | 2 Com Contactinfo, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Contact Information Module (com_contactinfo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2008-0841 | 2 Joomla, Mambo | 2 Com Ricette Component, Com Ricette Component | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Giorgio Nordo Ricette (com_ricette) 1.0 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6725 | 1 Cmscout | 1 Cmscout | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.
|
|||||
| CVE-2008-1425 | 1 Easy-clanpage | 1 Easy-clanpage | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action.
|
|||||
| CVE-2007-3705 | 1 Fusetalk | 1 Fusetalk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm.
|
|||||
| CVE-2008-3122 | 1 Xerox | 1 Centreware Web | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to execute arbitrary SQL commands via the unspecified vectors.
|
|||||
| CVE-2008-4463 | 1 Vastal I-tech | 1 Jobs Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
|
|||||
| CVE-2008-4354 | 1 Net Art Media | 1 Iboutique | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.
|
|||||
| CVE-2008-5975 | 1 Activewebsoftwares | 1 Active Price Comparison | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2509 | 1 Excuse Online | 1 Excuse Online | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
|
|||||
| CVE-2008-4074 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action.
|
|||||
| CVE-2008-2843 | 1 Doitlive | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
|
|||||
| CVE-2009-2113 | 1 Fretsweb Project | 1 Fretsweb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
|
|||||
| CVE-2008-3785 | 1 Miacms | 1 Miacms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in the com_content component in MiaCMS 4.6.5 allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) view, (2) category, or (3) blogsection action to index.php.
|
|||||
| CVE-2007-3273 | 1 Fusetalk | 1 Fusetalk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2734 | 1 Achievo | 1 Achievo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
|
|||||
| CVE-2009-3752 | 1 Opial | 1 Opial | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter.
|
|||||
| CVE-2006-6157 | 1 Michaelis Freunde | 1 Contentnow | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
|
|||||
| CVE-2009-1787 | 1 Phpdirsubmit | 1 Php Dir Submit | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.
|
|||||
| CVE-2009-0110 | 1 Riotpix | 1 Riotpix | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter.
|
|||||
| CVE-2009-1066 | 1 Getpixie | 1 Pixie Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the referral function in admin/lib/lib_logs.php in Pixie CMS 1.01a allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header in a request.
|
|||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
|
|||||
| CVE-2008-3347 | 1 Myiosoft | 1 Easydynamicpages | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter.
|
|||||
| CVE-2008-5590 | 1 Kalptaru Infotech | 1 Product Sale Framework | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in customer.forumtopic.php in Kalptaru Infotech Product Sale Framework 0.1 beta allows remote attackers to execute arbitrary SQL commands via the forum_topic_id parameter.
|
|||||
| CVE-2009-0293 | 1 Wazzum | 1 Wazzum Dating Software | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
|
|||||
| CVE-2008-4496 | 1 Select Development Solutions | 1 Php Realtor | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows remote attackers to execute arbitrary SQL commands via the v_cat parameter.
|
|||||
| CVE-2008-2917 | 1 Preprojects | 1 E-smart Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in productsofcat.asp in E-SMART CART allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
|||||
| CVE-2009-0646 | 1 4site | 1 4site Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
|
|||||
| CVE-2008-3204 | 1 E-topbiz | 1 Million Pixels | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter.
|
|||||
| CVE-2009-1317 | 1 Aquacms | 1 Aqua Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php.
|
|||||
| CVE-2008-4433 | 2 Rmsoft, Xoops | 2 Minishop Module, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops might allow remote attackers to execute arbitrary SQL commands via the itemsxpag parameter.
|
|||||
| CVE-2007-3539 | 1 Qt-cute | 2 Quicktalk Forum, Quickticket | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in QuickTicket 1.2 build:20070621 and QuickTalk Forum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) t and (2) f parameters in (a) qti_ind_post.php and (b) qti_ind_post_prt.php; (3) dir and (4) order parameters in qti_ind_member.php; (5) id parameter in qti_usr.php; and the (6) f parameter in qti_ind_topic.php. NOTE: it was later reported that vector 5 also affects 1.4, 1.5, and 1.5.0.3.
|
|||||
| CVE-2007-6106 | 1 Alstrasoft | 1 E-friends | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 and earlier allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewevent action.
|
|||||
| CVE-2008-6618 | 1 Netlab | 1 Classsystem | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php.
|
|||||
| CVE-2008-2456 | 1 Comicshout | 1 Comicshout | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter.
|
|||||
| CVE-2008-5637 | 1 Parsblogger | 1 Parsblogger | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows remote attackers to execute arbitrary SQL commands via the wr parameter.
|
|||||
| CVE-2008-4772 | 1 Questwork | 1 Questcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter.
|
|||||
| CVE-2007-6467 | 1 Mkportal | 1 Mkportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows remote attackers to execute arbitrary SQL commands via the ida parameter in a gallery foto_show action.
|
|||||