Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6469 | 1 Phprpg | 1 Phprpg | 2025-04-09 | 9.3 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpRPG 0.8, when magic_qutoes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2097 | 1 Zokisoft | 1 Zoki Catalog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in system/application/controllers/catalog.php in Zoki Soft Zoki Catalog (aka Smart Catalog) allows remote attackers to execute arbitrary SQL commands via the search_text parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action.
|
|||||
| CVE-2008-5222 | 1 Dvbbs | 1 Dvbbs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-3358 | 1 Tourismscripts | 1 Adult Portal Escort Listing | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
|
|||||
| CVE-2008-0614 | 1 Photokorn | 1 Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Photokorn Gallery 1.543 allows remote attackers to execute arbitrary SQL commands via the pic parameter in a showpic action.
|
|||||
| CVE-2008-6383 | 1 Drupal | 2 Drupal, Storm | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-2673 | 1 Censura | 1 Censura | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php.
|
|||||
| CVE-2009-2451 | 1 Mim.infinix | 1 Infinix | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX 1.2.003 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters in a calendar action, or (3) a search term in the search form.
|
|||||
| CVE-2009-1024 | 1 Beerwin | 1 Phplinkadmin | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors.
|
|||||
| CVE-2008-1535 | 1 Matti Kiviharju | 1 Rekry Component | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Matti Kiviharju rekry (aka com_rekry or rekry!Joom) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the op_id parameter in a view action to index.php.
|
|||||
| CVE-2009-2310 | 1 Bow Der Kleine | 1 X-blc | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.
|
|||||
| CVE-2009-2978 | 1 Sugarcrm | 1 Sugarcrm | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3058 | 1 Octeth | 1 Oempro | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php.
|
|||||
| CVE-2008-4078 | 2 Ledgersmb, Sql-ledger | 2 Ledgersmb, Sql-ledger | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2007-5511 | 1 Oracle | 1 Database Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
|
|||||
| CVE-2009-4342 | 2 Melvin Mach, Typo3 | 2 Jobexchange, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2008-6184 | 2 Joomla, Medialab-karlsruhe | 2 Joomla, Ownbiblio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php.
|
|||||
| CVE-2008-2537 | 1 Hispah | 1 Model Search | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2009-1480 | 1 Pragyan Cms Project | 1 Pragyan Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors.
|
|||||
| CVE-2009-0402 | 1 Gplhost | 1 Domain Technologie Control | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
|
|||||
| CVE-2009-3218 | 1 The-ghost | 1 Ar Web Content Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in control/login.php in AR Web Content Manager (AWCM) 2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2009-0405 | 1 Smartsitecms | 1 Smartsitecms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.
|
|||||
| CVE-2008-6086 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355.
|
|||||
| CVE-2009-2436 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
|
|||||
| CVE-2009-2774 | 1 Php-paid4mail | 1 Php-paid4mail | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail Script allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2009-3750 | 1 Santostefano Giovanni | 1 Toylog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.php in ToyLog 0.1 allows remote attackers to execute arbitrary SQL commands via the idm parameter.
|
|||||
| CVE-2008-0856 | 1 E-vision | 1 E-vision Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-1613 | 1 Reddot | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.
|
|||||
| CVE-2008-5268 | 1 Aspportal | 1 Aspportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter.
|
|||||
| CVE-2008-1864 | 1 Prozilla | 1 Prozilla Freelancers | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter.
|
|||||
| CVE-2006-7231 | 1 Civica Software | 1 Civica | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in display.asp in Civica Software Civica allows remote attackers to execute arbitrary SQL commands via the Entry parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6310 | 1 W3matter | 1 Revsense | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to execute arbitrary SQL commands via the f[password] parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0721 | 1 Mambo | 1 Com Sermon | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.
|
|||||
| CVE-2009-3334 | 2 Joomla, Lhacky | 2 Joomla\!, Com Jinc | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! Integrated Newsletters Component (aka JINC or com_jinc) component 0.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a messages action to index.php.
|
|||||
| CVE-2008-4148 | 1 Drupal | 1 Mailhandler | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API.
|
|||||
| CVE-2009-2309 | 1 Codice-cms | 1 Codice Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Codice CMS 2 allows remote attackers to execute arbitrary SQL commands via the tag parameter.
|
|||||
| CVE-2009-0831 | 1 Php-fusion | 2 Members Cv Module, Php-fusion | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
|
|||||
| CVE-2008-2448 | 1 Aspindir | 1 Meto Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) admin/duzenle.asp and (b) admin_oku.asp; the (2) kid parameter to (c) kategori.asp and (d) admin_kategori.asp; and unspecified parameters to (e) uye.asp and (f) oku.asp.
|
|||||
| CVE-2007-6170 | 2 Debian, Digium | 2 Debian Linux, Asterisk | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the Call Detail Record Postgres logging engine (cdr_pgsql) in Asterisk 1.4.x before 1.4.15, 1.2.x before 1.2.25, B.x before B.2.3.4, and C.x before C.1.0-beta6 allows remote authenticated users to execute arbitrary SQL commands via (1) ANI and (2) DNIS arguments.
|
|||||