Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4627 | 2 Rgallery, Woltlab | 2 Rgallery Plugin, Woltlab Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
|
|||||
| CVE-2008-3955 | 1 Masir Camp | 1 E-shop Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Masir Camp E-Shop Module 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ordercode parameter in a veiworderstatus page.
|
|||||
| CVE-2008-4084 | 1 Myiosoft | 1 Easyclassifields | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action.
|
|||||
| CVE-2008-5651 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in plugins/bookmarker/bookmarker_backend.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the Parent parameter.
|
|||||
| CVE-2008-6390 | 1 Ocean12tech | 1 Membership Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6780 | 1 Scripts-for-sites | 1 Ez Affiliate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in directory.php in Scripts for Sites (SFS) SFS EZ Affiliate allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
|||||
| CVE-2009-1229 | 1 Arcadwy | 1 Arcadwy Arcade Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter.
|
|||||
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4431 | 1 Icebb | 1 Icebb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and earlier allows remote attackers to execute arbitrary SQL commands via the skin parameter, probably related to an incorrect protection mechanism in the clean_string function in includes/functions.php.
|
|||||
| CVE-2008-2088 | 1 Phpforge | 1 Php Forge | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php.
|
|||||
| CVE-2008-6311 | 1 Butterflymedia | 1 Butterfly Organizer | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 allows remote attackers to execute arbitrary SQL commands via the mytable parameter. NOTE: the id vector is covered by another CVE name.
|
|||||
| CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action.
|
|||||
| CVE-2009-4339 | 2 Stephan Vits, Typo3 | 2 Mf Subscription, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Subscription (mf_subscription) extension 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2009-4165 | 2 Simple Glossar, Typo3 | 2 Simple Glossar, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the simple Glossar (simple_glossar) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-4603 | 1 Altercoder | 1 Acg News | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action.
|
|||||
| CVE-2009-0407 | 1 Humayun Shabbir | 1 Php-cms Project | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-3291 | 1 Aprox | 2 Aprox Cms Engine, Aproxengine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS Engine) 5.1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
|
|||||
| CVE-2009-0462 | 1 Clicktech | 1 Clickcart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2036 | 1 Geekbill | 1 Open Biller | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Open Biller 0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-5586 | 1 Check Up | 1 Check New | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2009-3326 | 1 Cmscontrol | 1 Cmscontrol | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CMScontrol Content Management System 7.x allows remote attackers to execute arbitrary SQL commands via the id_menu parameter.
|
|||||
| CVE-2008-4204 | 1 Softacid | 1 Hotel Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation System (HRS) allows remote attackers to execute arbitrary SQL commands via the city parameter.
|
|||||
| CVE-2008-3152 | 1 Orbitscripts | 2 Smartppc, Smartppc Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.
|
|||||
| CVE-2008-3601 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.
|
|||||
| CVE-2009-2573 | 1 Bioscripts | 1 Minitwitter | 2025-04-09 | 6.0 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
|
|||||
| CVE-2008-2095 | 3 Joomla, Mambo, Page-flip-tools | 3 Com Flippingbook, Com Flippingbook, Flipping Book | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter.
|
|||||
| CVE-2008-6606 | 1 Matpo | 1 Matpo Link | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0447 | 1 Foojan | 1 Php Weblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter.
|
|||||
| CVE-2008-2568 | 1 Joomla | 2 Com Simpleshop, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component 3.4 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a browse action to index.php.
|
|||||
| CVE-2008-4620 | 1 Mrbs | 1 Mrbs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
|
|||||
| CVE-2007-5951 | 1 E-vendejo | 1 0.2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3669 | 2 Foobla, Joomla | 2 Com Foobla Suggestions, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the foobla Suggestions (com_foobla_suggestions) component 1.5.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the idea_id parameter to index.php.
|
|||||
| CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php.
|
|||||
| CVE-2008-2918 | 1 Application Dynamics | 1 Cartweaver | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3.
|
|||||
| CVE-2008-3267 | 1 Mojoscripts | 1 Mojojobs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter.
|
|||||
| CVE-2008-6202 | 1 Jakob-persson | 1 Cobalt | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) urun.asp, (2) admin/bayi_listele.asp, (3) admin/urun_grup_listele.asp, and (4) admin/urun_listele.asp.
|
|||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6227 | 1 Preproject | 1 Pre Multi-vendor Shopping Malls | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor Shopping Malls allows remote attackers to execute arbitrary SQL commands via the (1) sid and (2) cid parameters.
|
|||||