Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2009-3325 | 2 Focusdev, Joomla | 2 Com Surveymanager, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Focusplus Developments Survey Manager (com_surveymanager) component 1.5.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the stype parameter in an editsurvey action to index.php. |
| CVE-2009-4380 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. |
| CVE-2008-2029 | 1 Minibb | 1 Minibb | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) setup_options.php in miniBB 2.2 and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary SQL commands via the xtr parameter in a userinfo action to index.php. |
| CVE-2009-3054 | 2 Artetics, Joomla | 2 Com Artportal, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Artetics.com Art Portal (com_artportal) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the portalid parameter to index.php. |
| CVE-2009-2915 | 1 2fly | 1 Gift Delivery System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. |
| CVE-2009-2239 | 1 Joomla | 4 Com Casiino Blackjack, Com Casino Videopoker, Com Casinobase and 1 more | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the (1) casinobase (com_casinobase), (2) casino_blackjack (com_casino_blackjack), and (3) casino_videopoker (com_casino_videopoker) components 0.3.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. |
| CVE-2008-4658 | 1 Typo3 | 2 Jobcontrol, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-5212 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
| CVE-2008-0681 | 1 Phpshop | 1 Phpshop | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in PHPShop 0.8.1 allows remote attackers to execute arbitrary SQL commands via the product_id parameter, as demonstrated by a shop/flypage action. |
| CVE-2008-3445 | 1 Phpmyrealty | 1 Phpmyrealty | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 allows remote attackers to execute arbitrary SQL commands via the location parameter. |
| CVE-2008-5921 | 1 Umerinc | 1 Songs Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in albums.php in Umer Inc Songs Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6249 | 1 Gwm | 1 Galatolo Webmanager | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in plugins/users/index.php in Galatolo WebManager 1.3a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-0874 | 1 Xoops | 1 Eempregos Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the eEmpregos module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action. |
| CVE-2008-5310 | 1 Netart Media | 1 Car Portal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-1715 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. |
| CVE-2008-6237 | 1 Scripts-for-sites | 1 Hotscripts-like Site | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-3848 | 1 Pdesigner | 1 Z-breaknews | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-6247 | 1 Scripts-for-sites | 1 Ez Top Sites | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) EZ Top Sites allows remote attackers to execute arbitrary SQL commands via the ts parameter. |
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2008-6244 | 1 Scripts-for-sites | 1 Ez Gaming Cheats | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_reviews.php in Scripts for Sites (SFS) EZ Gaming Cheats allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-2180 | 1 Cplinks | 1 Cplinks | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in cpLinks 1.03, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) admin_username parameter (aka the username field) to admin/index.php and the (2) search_text and (3) search_category parameters to search.php. NOTE: some of these details are obtained from third party information. |
| CVE-2007-6138 | 1 Vu | 1 Mass Mailer | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. |
| CVE-2008-5273 | 1 Toddwoolums | 1 Todd Woolums Asp News Management | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter. |
| CVE-2009-1323 | 1 Webfileexplorer | 1 Web File Explorer | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-6587 | 1 Plogger | 1 Plogger | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1741 | 1 Dutchmonkey | 1 Dm Filemanager | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
| CVE-2007-1920 | 1 Smodbip | 1 Smodbip | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. |
| CVE-2008-6481 | 3 Joomla, Joomprod, Mambo-foundation | 3 Joomla, Com Versioning, Mambo | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Versioning component (com_versioning) 1.0.2 in Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. |
| CVE-2009-2616 | 1 Datachecknh | 1 Sitepal | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-3951 | 1 Vastal | 1 Agent Zone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. |
| CVE-2008-4044 | 1 Aj Square | 1 Aj Hyip | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in article/readarticle.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the artid parameter. |
| CVE-2008-6405 | 1 Greatclone | 1 Hotscripts Clone | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2009-2929 | 1 Tgs-cms | 1 Tgs Content Management | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, ( ... |
| CVE-2008-0650 | 1 Simple Os Cms | 1 Simple Os Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-6434 | 1 Blueriver | 1 Sava Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to execute arbitrary SQL commands via the LinkServID parameter. |
| CVE-2008-1788 | 1 Prozilla | 1 Entertainers | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in directory.php in Prozilla Entertainers 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: some of these details are obtained from third party information. |
| CVE-2008-4467 | 1 Vastal I-tech | 1 Toner Cart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in show_series_ink.php in Vastal I-Tech Toner Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2008-5641 | 1 Activewebsoftwares | 1 Active Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-1409 | 1 E107 | 1 E107 | 2025-04-09 | 5.1 MEDIUM | N/A | SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. |
| CVE-2008-6348 | 1 Developiteasy | 1 Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information. |