Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4879 | 1 Maran | 1 Php Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
|
|||||
| CVE-2009-0810 | 1 Xatrix | 1 Xguestbook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in xGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter.
|
|||||
| CVE-2007-6544 | 1 Runcms | 1 Runcms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5) modlink.php, or (6) brokenlink.php in modules/mylinks/.
|
|||||
| CVE-2009-1909 | 1 Openskip | 1 Skip | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-2345 | 1 Clansphere | 1 Clansphere | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.
|
|||||
| CVE-2009-3315 | 1 Nelogic | 1 Nephp Publisher | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in NeLogic Nephp Publisher Enterprise 3.5.9 and 4.5 allows remote attackers to execute arbitrary SQL commands via the Username field.
|
|||||
| CVE-2008-6649 | 1 Ktools | 1 Photostore | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in manager/image_details_editor.php in Ktools PhotoStore 2.5, 2.9.8, 3.1.0, and other versions through 3.5.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2609 | 2 Amotools, Joomla | 2 Com Amocourse, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the amoCourse (com_amocourse) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to index.php.
|
|||||
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value.
|
|||||
| CVE-2008-5595 | 1 Aspapps | 1 Asp Autodealer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.asp in ASP AutoDealer allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php.
|
|||||
| CVE-2008-5653 | 1 Myiosoft.com | 1 Ajaxportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0507 | 1 Wordpress | 1 Adserve | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6526 | 1 Bosdev | 1 Bos Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838.
|
|||||
| CVE-2009-2585 | 1 Mlffat | 1 Mlffat | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731.
|
|||||
| CVE-2008-3783 | 1 Matterdaddy | 1 Matterdaddy Market | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters.
|
|||||
| CVE-2008-6728 | 1 Phpnuke | 1 Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Sections module in PHP-Nuke, probably before 8.0, allows remote attackers to execute arbitrary SQL commands via the artid parameter in a printpage action to modules.php.
|
|||||
| CVE-2008-3083 | 2 Brightcode, Joomla | 2 Brightcode Weblinks Module, Com Brightweblinks | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Brightcode Weblinks (com_brightweblinks) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5337 | 1 Multimania | 2 Bandsite Portal System, Bandwebsite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6778 | 1 Scripts-for-sites | 1 Ez Auction | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) EZ Auction allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-4205 | 1 Attachmax | 1 Dolphin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-6991 | 1 Cmsbright | 1 Cmsbright | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
|
|||||
| CVE-2007-4540 | 1 Olate | 1 Olatedownload | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header.
|
|||||
| CVE-2008-5336 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
|
|||||
| CVE-2008-5489 | 1 Clip-share | 1 Clipshare | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.
|
|||||
| CVE-2008-2762 | 1 Xigla | 1 Absolute Form Processor Xe | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter.
|
|||||
| CVE-2008-0026 | 1 Cisco | 2 Unified Callmanager, Unified Communications Manager | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Cisco Unified CallManager/Communications Manager (CUCM) 5.0/5.1 before 5.1(3a) and 6.0/6.1 before 6.1(1a) allows remote authenticated users to execute arbitrary SQL commands via the key parameter to the (1) admin and (2) user interface pages.
|
|||||
| CVE-2008-6277 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter.
|
|||||
| CVE-2008-6623 | 1 Webbdomain | 1 Post Card | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-5635 | 1 Activewebsoftwares | 1 Active Membership | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in account.asp in Active Membership 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2277 | 1 Cmsnx | 1 Feedback And Rating Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
|
|||||
| CVE-2008-4665 | 1 Datingpro | 1 Matchmaking | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.
|
|||||
| CVE-2007-6342 | 1 David Castro | 1 Apache Authcas | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie.
|
|||||
| CVE-2008-6338 | 2 Typo3, Weber-ebusiness | 2 Typo3, Wes Facilities | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-2927 | 1 Digitalspinners | 1 Ds Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
|
|||||
| CVE-2008-5168 | 1 Easysitenetwork | 1 Tips Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.
|
|||||
| CVE-2008-3193 | 1 Sclek | 1 Jsite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jSite 1.0 OE allows remote attackers to execute arbitrary SQL commands via the page parameter to the default URI.
|
|||||
| CVE-2008-2909 | 1 Clever Copy | 1 Clever Copy | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in results.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the searchtype parameter.
|
|||||