Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3193 | 2 Joomla, Uwix | 2 Joomla, Com Digifolio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php.
|
|||||
| CVE-2007-6462 | 1 Php Real Estate Classifieds | 1 Php Real Estate Classifieds Premium Plus | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in fullnews.php in PHP Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2164 | 1 Kjtechforce | 1 Mailman | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
|
|||||
| CVE-2008-4700 | 1 Liberiacms | 1 Liberia Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter.
|
|||||
| CVE-2009-3820 | 2 Flagbit, Typo3 | 2 Fb Filebase, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Flagbit Filebase (fb_filebase) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-4768 | 1 Tlm Cms | 1 Tlm Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2114 | 1 Preprojects | 1 Pre Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in emall/search.php in Pre Shopping Mall 1.1 allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2009-1404 | 1 Pastel | 1 Pastelcms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.
|
|||||
| CVE-2007-4808 | 1 Tlm Cms | 1 Tlm Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts a ...
Show More |
|||||
| CVE-2009-3330 | 1 Cpecreator | 1 Cp Creator | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.
|
|||||
| CVE-2009-3314 | 1 Eliteladders | 1 Elite Gaming Ladders | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 allows remote attackers to execute arbitrary SQL commands via the platform parameter.
|
|||||
| CVE-2008-3489 | 1 Phpx | 1 Phpx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
|
|||||
| CVE-2008-5633 | 1 Activewebsoftwares | 1 Activevotes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0358 | 1 Pixelpost | 1 Pixelpost | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter.
|
|||||
| CVE-2008-3387 | 1 Phpfootball | 1 Phpfootball | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter.
|
|||||
| CVE-2008-2796 | 1 Freecms.us | 1 Freecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2008-4717 | 1 Zeeways | 1 Zeelyrics | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
|||||
| CVE-2008-5782 | 1 Zeeways | 1 Zeematri | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
|||||
| CVE-2008-2765 | 1 Xigla | 1 Absolute Image Gallery Xe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gallery.asp in Xigla Absolute Image Gallery XE allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action.
|
|||||
| CVE-2008-6037 | 1 Availscript | 1 Availscript Article Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in AvailScript Article Script allows remote attackers to execute arbitrary SQL commands via the v parameter.
|
|||||
| CVE-2009-4561 | 1 Worms-league | 1 Webleague | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2007-6272 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 allow remote attackers to execute arbitrary SQL commands via (1) the view parameter to the com_content component, (2) the task parameter to the com_search component, or (3) the option parameter in a search action to the com_search component.
|
|||||
| CVE-2009-3835 | 2 Joomla, Whorl Ltd | 2 Joomla, Jshop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JShop (com_jshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter in a product action to index.php.
|
|||||
| CVE-2007-5974 | 1 Jportal | 1 Jportal Web Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter.
|
|||||
| CVE-2008-1549 | 1 Aeries | 1 Aeries Student Information System | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a different vector than CVE-2008-0942.
|
|||||
| CVE-2008-2175 | 1 Gamma Scripts | 1 Blogme Php | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-5242 | 1 Etomite | 1 Etomite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-2890 | 1 Offl | 1 Online Fantasy Football League | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
|
|||||
| CVE-2008-0133 | 1 Thomas Perez | 1 Tribisur | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action.
|
|||||
| CVE-2009-2894 | 1 Clone2009 | 1 Ebay Clone | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
|
|||||
| CVE-2008-2492 | 1 Badongo | 1 Campus Bulletin Board | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
|
|||||
| CVE-2007-5704 | 1 Codewidgets | 1 Online Event Registration Template | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event Registration Template allow remote attackers to execute arbitrary SQL commands via the (1) Email Address and (2) Password fields in (a) login.asp and (b) admin_login.asp.
|
|||||
| CVE-2008-0328 | 1 Fascript | 1 Faname | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6572 | 1 Abledating | 1 Abledating | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in search_results.php in ABK-Soft AbleDating 2.4 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
|||||
| CVE-2007-4653 | 1 Phpbb | 1 Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
|
|||||
| CVE-2008-2380 | 1 Courier-mta | 1 Courtier-authlib | 2025-04-09 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
|
|||||
| CVE-2008-1774 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-3025 | 1 Plx Web Studio | 1 Plx Ad Trader | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter in a redir action.
|
|||||
| CVE-2008-6624 | 1 Webbdomain | 1 Petition | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, 2.0, and 3.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-1247 | 1 Acutecp.rediscussed | 1 Acutecp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||