Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2647 | 1 Mebiblio | 1 Mebiblio | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/journal_change_mask.inc.php in meBiblio 0.4.7 allows remote attackers to execute arbitrary SQL commands via the JID parameter.
|
|||||
| CVE-2009-0454 | 1 Dmxready | 1 Online Notebook Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DMXReady Online Notebook Manager 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field. NOTE: some third parties report inability to verify this issue.
|
|||||
| CVE-2008-3054 | 1 Typo3 | 1 Branchenbuch Extension | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Branchenbuch (aka Yellow Pages o (mh_branchenbuch) extension 0.8.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6608 | 1 Developiteasy | 1 Events Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DevelopItEasy Events Calendar 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter (aka user field) to admin/index.php, (2) the user_pass parameter (aka pass field) to admin/index.php, or (3) the id parameter to calendar_details.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
|
|||||
| CVE-2009-2591 | 2 E-xoopport, Runcms | 2 E-xoopport, Myannonces | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MyAnnonces module for E-Xoopport 3.1 allows remote attackers to execute arbitrary SQL commands via the lid parameter in a viewannonces action to index.php.
|
|||||
| CVE-2008-2455 | 1 E107coders | 1 E107 Blog Engine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter.
|
|||||
| CVE-2009-0296 | 1 Gempar | 1 Script Toko Online | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shop_display_products.php in Script Toko Online 5.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2008-5293 | 1 Bdigital Web Solutions | 1 Webstudio Ehotel | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in WebStudio eHotel allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
|
|||||
| CVE-2008-6015 | 1 Editeurscripts | 1 Esfaq | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1208 | 2 Auth2db, Auth2dbauth2db | 2 Auth2db, 0.1.1 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
|
|||||
| CVE-2008-3378 | 1 Fizzmedia Negativekarma | 1 Fizzmedia | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
|
|||||
| CVE-2008-3952 | 1 Editeurscripts Esfaq | 1 2.0 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in questions.php in EsFaq 2.0 allows remote attackers to execute arbitrary SQL commands via the idcat parameter.
|
|||||
| CVE-2009-1814 | 1 Jevontech | 1 Phpenpals | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
|
|||||
| CVE-2008-4347 | 1 Powie | 1 Pnews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
|
|||||
| CVE-2008-5977 | 1 Preprojects | 1 Php Jobwebsite Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action.
|
|||||
| CVE-2008-0579 | 1 Joomla | 1 Com Buslicense | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the buslicense (com_buslicense) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in a list action.
|
|||||
| CVE-2008-6805 | 1 Micgr | 1 Mic Blog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to category.php, the (2) user parameter to login.php, and the (3) site parameter to register.php.
|
|||||
| CVE-2008-0446 | 1 Julian Pawlowski | 1 Lulieblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2083 | 1 Prozilla | 1 Hosting Index | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
|
|||||
| CVE-2007-5992 | 1 Datecomm | 1 Social Networking Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in datecomm Social Networking Script (aka Myspace Clone Script) allows remote attackers to execute arbitrary SQL commands via the seid parameter in a viewcat s action on the forums page.
|
|||||
| CVE-2008-2203 | 1 Maianscriptworld | 1 Maian Search | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
|
|||||
| CVE-2008-1407 | 1 Exv2 | 1 Exv2 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in the WebChat 1.60 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
|
|||||
| CVE-2008-6414 | 1 Aj Square | 1 Aj Auction | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
|||||
| CVE-2008-7120 | 1 Mrcgiguy | 1 Hot Links Sql-php | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
|
|||||
| CVE-2007-6551 | 1 Mailmachinepro | 1 Mailmachine Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, and other versions before 2.2.6, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0704 | 1 Webmastersite | 1 Wsn Guest | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.
|
|||||
| CVE-2008-6968 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
|
|||||
| CVE-2008-6369 | 1 Ocean12tech | 1 Contact Manager Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
|
|||||
| CVE-2008-7226 | 2 Php-nuke, Phpnuke | 2 Recipe Module, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Recipes module 1.3, 1.4, and possibly other versions for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the recipeid parameter.
|
|||||
| CVE-2008-2113 | 1 Phpeasydata | 1 Phpeasydata | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2008-6236 | 1 Cafuego | 1 Simple Document Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-0520 | 1 Wordpress | 1 Wassup Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php.
|
|||||
| CVE-2008-4172 | 1 Rfaah | 1 Cars-vehicles Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
|
|||||
| CVE-2008-3452 | 1 Endonesia | 2 Calendar Module, Endonesia | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the Calendar module in eNdonesia 8.4 allows remote attackers to execute arbitrary SQL commands via the loc_id parameter in a list_events action to mod.php.
|
|||||
| CVE-2009-4577 | 1 Maxdev | 2 Mdforum, Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php.
|
|||||
| CVE-2008-6454 | 1 6rbscript | 1 6rbscript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action.
|
|||||
| CVE-2008-0185 | 1 Netrisk | 1 Netrisk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the pid parameter in a profile page (possibly profile.php).
|
|||||
| CVE-2009-3117 | 1 Snowhall | 1 Silurus System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2006-7089 | 1 Ban | 1 Ban | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in connexion.php in Ban 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||