Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1870 | 1 Geek247 | 1 Pigmy-sql | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2892 | 1 Scripteen | 1 Free Image Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
|
|||||
| CVE-2009-4595 | 1 Phpwares | 1 Php Inventory | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in PHP Inventory 1.2 allows remote authenticated users to execute arbitrary SQL commands via the sup_id parameter in a suppliers details action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2106 | 2 Projektseminar Proservice Wwu, Typo3 | 2 Virtual Civil Services, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-0446 | 1 Web-album | 1 Webalbum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-5986 | 1 Btiteam | 1 Btitracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5927 | 1 China-on-site | 1 Flexphpnews | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-4574 | 1 I-escorts | 1 I-escorts Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.
|
|||||
| CVE-2009-4155 | 1 Eshopbuilder | 1 Eshopbuilde Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote attackers to execute arbitrary SQL commands via the sitebid parameter to (1) home-f.asp and (2) opinions-f.asp; (3) sitebid, (4) id, (5) secText, (6) client-ip, and (7) G_id parameters to more-f.asp; (8) sitebid, (9) id, (10) ma_id, (11) mi_id, (12) secText, (13) client-ip, and (14) G_id parameters to selectintro.asp; (15) sitebid, (16) secText, (17) adv_code, and (18) client-ip parameters to advcount.asp; (19) sitebid, (20) ...
|
|||||
| CVE-2007-3913 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Gforge before 3.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5087 | 1 Typo3 | 2 Another Backend Login, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6050 | 2 Ircmaxell, Joomla | 2 Tech Article, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Tech Articles (com_tech_article) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the item parameter to index.php.
|
|||||
| CVE-2008-1641 | 1 Efestech | 1 Video | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter.
|
|||||
| CVE-2008-0738 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2847 | 1 Softdivision | 1 Maxtrade Aoi | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php.
|
|||||
| CVE-2008-6418 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter.
|
|||||
| CVE-2006-7138 | 1 Oracle | 1 Apex | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.
|
|||||
| CVE-2007-0642 | 1 Rbl | 1 Tforum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU script collection (aka RBL - ASP) allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) pass to user_confirm.asp.
|
|||||
| CVE-2007-4810 | 1 Netjuke | 1 Netjuke | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php.
|
|||||
| CVE-2008-6303 | 1 Toursmanager | 1 Tours Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter.
|
|||||
| CVE-2007-5220 | 1 Asp Product Catalog | 1 Asp Product Catalog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters.
|
|||||
| CVE-2006-6337 | 1 Aspindir | 1 Aspee Ziyaretci Defteri | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
|
|||||
| CVE-2008-1509 | 1 Xlportal | 1 Xlportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter.
|
|||||
| CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
|
|||||
| CVE-2009-2402 | 1 Phpecho Cms | 1 Phpecho Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
|
|||||
| CVE-2010-0324 | 2 Patrick Bauerochse, Typo3 | 2 Ref List, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Customer Reference List (ref_list) extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6166 | 2 Jmds, Joomla | 2 Com Kbase, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the KBase (com_kbase) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an article action to index.php.
|
|||||
| CVE-2008-3682 | 1 Ypninc | 1 Php Realty | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.
|
|||||
| CVE-2009-4218 | 1 Jiros | 1 Jbsx | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-3412 | 1 Ecshop | 1 Epshop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.
|
|||||
| CVE-2008-6081 | 1 Simplecustomer | 1 Simple Customer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in contact.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-1219 | 1 Phpnuke | 1 Kutubisitte Component | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.
|
|||||
| CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php.
|
|||||
| CVE-2008-5940 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5955 | 1 Phpstreet | 1 Webboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET Webboard) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-1341 | 1 Lagarde | 1 Storefront | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6322 | 1 Cfmsource | 1 Cfmblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
|
|||||
| CVE-2009-0287 | 1 Keep Toolkit | 1 Keep Toolkit | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
|
|||||
| CVE-2009-2638 | 2 Joomla, Konze | 2 Joomla, Com Akobook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
|
|||||
| CVE-2007-6168 | 1 Vu | 1 Case Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||