Total: 18012 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2008-2395 | 1 Alkalinephp | 1 Alkalinephp | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. |
| CVE-2009-1032 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. |
| CVE-2008-3055 | 1 Typo3 | 1 Support View Extension | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Support view (ext_tbl) extension 0.0.102 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-3500 | 1 Bpowerhouse | 1 Bpgames | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php. |
| CVE-2009-2123 | 1 Elvinbts | 1 Elvinbts | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2. |
| CVE-2008-6226 | 1 Preproject | 1 Php Auto Listings Script | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter. |
| CVE-2008-5733 | 1 Php-fusion | 2 Php-fusion, Team Impact Ti Blog System Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-3531 | 1 Universe | 1 Universe Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-4060 | 1 Cubecart | 1 Cubecart | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 allows remote attackers to execute arbitrary SQL commands via the productId parameter. |
| CVE-2009-3801 | 1 Opendocman | 1 Opendocman | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmpass (aka Password) parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-0683 | 1 Wordpress | 1 St Newsletter Plugin | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in shiftthis-preview.php in the ShiftThis Newsletter (st_newsletter) plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. |
| CVE-2008-5864 | 2 Joomla, Joomlahbs | 3 Joomla, Com Tophotelmodule, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php. |
| CVE-2008-0142 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. |
| CVE-2008-4705 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0479 | 1 Onlinegrades | 1 Online Grades | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-4527 | 1 Php-fusion | 1 Recepies Module | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. |
| CVE-2008-4094 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. |
| CVE-2009-0709 | 1 Vlad Alexa Mancini | 1 Phpfootball | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in login.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-5578 | 1 Scssboard | 1 Scssboard | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values. |
| CVE-2008-6794 | 1 Sfs Ez Pub | 1 Fsf Ex Pub | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in directory.php in Scripts For Sites (SFS) EZ Pub Site allows remote attackers to execute arbitrary SQL commands via the cat parameter. |
| CVE-2007-5068 | 1 Phpfullannu | 1 Phpfullannu | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 allows remote attackers to execute arbitrary SQL commands via the mod parameter. |
| CVE-2008-3306 | 1 Youtube Blog | 1 Youtube Blog | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in info.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3307. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| CVE-2008-1875 | 1 Terong | 1 Advanced Web Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. |
| CVE-2009-3532 | 2 Logrover, Microsoft | 2 Logrover, Windows | 2025-04-09 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information. |
| CVE-2007-6602 | 1 Noserub | 1 Noserub | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script. |
| CVE-2008-3780 | 1 Review-script | 1 Five Star Review Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in recommend.php in Five Star Review Script allows remote attackers to execute arbitrary SQL commands via the item_id parameter. |
| CVE-2009-0494 | 2 Joomla, Mivaco | 2 Joomla, Com Portfol | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Portfol (com_portfol) 1.2 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the vcatid parameter in a viewcategory action to index.php. |
| CVE-2009-1734 | 1 Omnisoftsol | 1 Vidsharepro | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in listing_video.php in VidSharePro allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2009-0728 | 2 Maxdev, Postnuke | 3 Md-pro, My Egallery, Postnuke | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. |
| CVE-2008-0653 | 1 Joomla | 1 Com Ynews | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Ynews (com_ynews) 1.0.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showYNews action. |
| CVE-2009-2390 | 2 F-cimag-in, Joomla | 2 Com Bookflip, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. |
| CVE-2008-2629 | 2 Drupal, Lifetype | 2 Drupal, Lifetype | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php. |
| CVE-2008-0424 | 1 Mooseguy Blog System | 1 Mgbs | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. |
| CVE-2008-6007 | 1 Quidascript | 1 Bookmarks Favourites Script | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-0421 | 1 Joomla | 2 Com Eventing, Joomla | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. |
| CVE-2008-1699 | 1 Desiquintans | 1 Writers Block Cms | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in permalink.php in Desi Quintans Writer's Block CMS 3.8a allows remote attackers to execute arbitrary SQL commands via the PostID parameter. |
| CVE-2008-4753 | 1 Aj Square Inc | 1 Rss Reader | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. |
| CVE-2008-3561 | 1 Powergap | 1 Shopsystem | 2025-04-09 | 6.8 MEDIUM | N/A | SQL injection vulnerability in s03.php in Powergap Shopsystem, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the ag parameter. |
| CVE-2008-1508 | 1 Efestech | 1 E-kontor | 2025-04-09 | 7.5 HIGH | N/A | SQL injection vulnerability in EfesTech E-Kontör and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |