Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0538 | 1 Phpip | 1 Phpip Management | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3961 | 1 Jos De Ruijter | 1 Superseriousstats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3341 | 1 Jobbex | 1 Jobsite | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex JobSite allow remote attackers to execute arbitrary SQL commands via the (1) jobcountryid and (2) jobstateid parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-2652 | 1 Smeweb | 1 Smeweb | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.
|
|||||
| CVE-2009-2366 | 1 Datachecknh | 2 Forumpal, Forumpal Fe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2901 | 1 Haudenschilt | 1 Family Connections Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.
|
|||||
| CVE-2008-6477 | 1 Mumbojumbo | 1 Op4 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2008-5926 | 1 Asp-dev | 1 Internal E-mail System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in ASP-DEv Internal E-Mail System allow remote attackers to execute arbitrary SQL commands via the (1) login parameter (aka user field) or the (2) password parameter (aka pass field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1847 | 1 Coronamatrix | 1 Phpaddressbook | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-1907 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890.
|
|||||
| CVE-2008-2208 | 1 Maianscriptworld | 1 Maian Greeting | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
|
|||||
| CVE-2008-2964 | 1 Researchguide | 1 Researchguide | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2099 | 2 Ijoomla, Joomla | 2 Com Rssfeeder, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php.
|
|||||
| CVE-2008-2084 | 2 Myarticles, Runcms | 2 Myarticles, Myarticles Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a listarticles action.
|
|||||
| CVE-2008-1162 | 1 Php Web Scripts | 1 Dynamic Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic Photo Gallery 1.02 allows remote attackers to execute arbitrary SQL commands via the albumID parameter.
|
|||||
| CVE-2009-3203 | 1 Ajsquare | 1 Aj Auction Pro-oopd | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0740 | 1 Frankmancuso | 1 Bluebird | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
|
|||||
| CVE-2008-5655 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2007-4881 | 1 Psi-labs | 1 Social Networking Script Psisns | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
|||||
| CVE-2009-1736 | 1 Joomla | 2 Com Gsticketsystem, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the GridSupport (GS) Ticket System (com_gsticketsystem) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a viewCategory action to index.php.
|
|||||
| CVE-2009-4390 | 2 Jochen Rieger, Typo3 | 2 Car, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5820 | 1 Edreamers | 1 Ednews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
|
|||||
| CVE-2009-3150 | 1 Multi-website | 1 Multi Website | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
|
|||||
| CVE-2008-1163 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpArcadeScript 1.0 through 3.0 RC2 allows remote attackers to execute arbitrary SQL commands via the userid parameter in a profile action.
|
|||||
| CVE-2009-3494 | 1 Todor Lazarov | 1 T-htb Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.
|
|||||
| CVE-2009-2236 | 1 Yourarticlesdirectory | 1 Your Articles Directory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in yad-admin/login.php in Your Article Directory allows remote attackers to execute arbitrary SQL commands via the txtAdminEmail parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-1430 | 1 Iatek | 1 Aspapp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter.
|
|||||
| CVE-2009-3529 | 1 Radscripts | 1 Radbids | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.
|
|||||
| CVE-2007-6275 | 1 Bcoos | 1 Bcoos | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules/adresses/ratefile.php in bcoos 1.0.10 and earlier allows remote attackers to execute arbitrary SQL commands via the lid parameter, a different vector than CVE-2007-6266.
|
|||||
| CVE-2008-6371 | 1 Ocean12tech | 1 Membership Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter).
|
|||||
| CVE-2007-5991 | 1 Exo | 1 Exophpdesk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in ExoPHPdesk allows remote attackers to execute arbitrary SQL commands via the user parameter in a profile fn action.
|
|||||
| CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
|
|||||
| CVE-2008-1349 | 1 Exv2 | 2 Bamagalerie, Exv2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-1460 | 3 Joomla, Joomlapixel, Mambo | 3 Joomla, Com Joovideo, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and 1.2.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php.
|
|||||
| CVE-2008-3945 | 1 Source Workshop | 1 Words Tag Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action.
|
|||||
| CVE-2009-0703 | 1 Aspthai.net | 1 Aspthai.net Webboard | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4374 | 1 Cmsbuzz | 1 Cms Buzz | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.
|
|||||
| CVE-2008-4706 | 1 Vbulletin | 1 Vbgooglemap | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php.
|
|||||
| CVE-2008-5631 | 1 Activewebsoftwares | 1 Active Ewebquiz | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2775 | 1 Dt Centrepiece | 1 Dt Centrepiece | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||