Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3154 | 2 Almondsoft, Joomla | 2 Com Aclassf, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to execute arbitrary SQL commands via the replid parameter in a manw_repl add_form action to index.php, a different vector than CVE-2009-2567.
|
|||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field).
|
|||||
| CVE-2008-1122 | 1 Dream4 | 1 Koobi Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.
|
|||||
| CVE-2008-4082 | 1 Brim-project | 1 Brim | 2025-04-09 | 4.6 MEDIUM | N/A |
|
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.
|
|||||
| CVE-2009-0534 | 1 Flexcms | 1 Flexcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.
|
|||||
| CVE-2008-5817 | 1 Web Scribble Solutions | 1 Webclassifieds | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Web Scribble Solutions webClassifieds 2005 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) password fields in a sign_in action.
|
|||||
| CVE-2009-1259 | 1 Insanevisions | 1 Adaptbb | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.
|
|||||
| CVE-2007-6266 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to modules/arcade/index.php in a show_stats action, or the lid parameter to (2) modules/myalbum/ratephoto.php or (3) modules/mylinks/ratelink.php, different vectors than CVE-2007-5104.
|
|||||
| CVE-2008-3755 | 1 Yourfreeworld | 1 Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2008-6285 | 1 Businessvein | 1 Php Tv Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHP TV Portal 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the mid parameter.
|
|||||
| CVE-2009-0381 | 2 Bazaarbuilder, Joomla | 2 Ecommerce Shopping Cart, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping Cart (com_prod) 5.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a products action to index.php.
|
|||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter.
|
|||||
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action.
|
|||||
| CVE-2009-3913 | 1 Xerox | 1 Fiery Webtools | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter.
|
|||||
| CVE-2008-0139 | 1 Loudblog | 1 Loudblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog 0.8.0 and earlier allows remote attackers to execute arbitrary PHP code via the template parameter.
|
|||||
| CVE-2008-5767 | 1 Gazatem | 1 Gnews Publisher | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter.
|
|||||
| CVE-2009-4470 | 1 Dvbbs | 1 Dvbbs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows remote attackers to execute arbitrary SQL commands via the groupboardid parameter.
|
|||||
| CVE-2009-3308 | 1 Fanupdate | 1 Fanupdate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows remote attackers to execute arbitrary SQL commands via the listingid parameter.
|
|||||
| CVE-2008-1486 | 1 Phorum | 1 Phorum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
|
|||||
| CVE-2008-5958 | 1 Activewebsoftwares | 1 Active Test | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.
|
|||||
| CVE-2008-0514 | 2 Joomla, Mambo | 2 Glossary, Glossary | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.
|
|||||
| CVE-2009-2340 | 1 Opial | 1 Opial | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-3301 | 1 Fusetalk | 1 Fusetalk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273.
|
|||||
| CVE-2008-2351 | 1 Webmanager-pro | 1 Cms Webmanager-pro | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in CMS WebManager-Pro allow remote attackers to execute arbitrary SQL commands via the (1) lang_id and (2) menu_id parameters.
|
|||||
| CVE-2008-5648 | 1 Deltascripts | 1 Php Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.php in DeltaScripts PHP Shop 1.0 allows remote attackers to execute arbitrary SQL commands via the admin_username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2412 | 1 Acgv.free | 1 Acgv News | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0825 | 1 Caroline | 1 Caroline | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Claroline before 1.8.9 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6003 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sellers_othersitem.php in AJ Auction Pro Platinum 2 allows remote attackers to execute arbitrary SQL commands via the seller_id parameter.
|
|||||
| CVE-2009-2389 | 1 Usolved | 1 Newsolved | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
|
|||||
| CVE-2008-7097 | 1 Qsoft-inc | 1 K-rate | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to ...
Show More |
|||||
| CVE-2007-6345 | 1 Aurora | 1 Aurora Framework | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in aurora framework before 20071208 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly the value parameter to the pack_var function in module/db.lib/db_mysql.lib. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2234 | 1 Vicidial | 1 Call Center Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call Center Suite 2.0.5-173 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter ($PHP_AUTH_USER) and (2) Password parameter ($PHP_AUTH_PW).
|
|||||
| CVE-2008-6328 | 1 Butterflymedia | 1 Butterfly Organizer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6362 | 1 Ezonelink | 1 Multiple Membership Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sitepage.php in Multiple Membership Script 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3052 | 2 Absoluteanime, Phpbb | 2 Prime Quick Style, Phpbb | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.
|
|||||
| CVE-2008-6459 | 1 Typo3 | 2 Autobeuser, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the auto BE User Registration (autobeuser) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6776 | 1 Scripts-for-sites | 1 Ez Hot Or Not | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcomments.php in Scripts For Sites (SFS) EZ Hot or Not allows remote attackers to execute arbitrary SQL commands via the phid parameter.
|
|||||
| CVE-2008-3309 | 1 Digiappz | 1 Digileave | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
|
|||||
| CVE-2008-3051 | 1 Typo3 | 1 Pinboard Extension | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Pinboard extension 0.0.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3724 | 1 Papoo | 1 Papoo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter.
|
|||||