Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6467 | 1 Dieselscripts | 1 Diesel Job Site | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel Job Site allows remote attackers to execute arbitrary SQL commands via the job_id parameter.
|
|||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php.
|
|||||
| CVE-2009-0284 | 1 Flaxweb | 1 Flax Article Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2007-1250 | 1 Angel Learning | 1 Learning Management Suite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0406 | 1 Community Cms | 1 Community Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1026 | 1 Kimwebsites | 1 Kim Websites | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2008-4303 | 1 Php-collab | 1 Php-collab | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.
|
|||||
| CVE-2009-2604 | 1 Zenhelpdesk | 1 Zen Help Desk | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
|
|||||
| CVE-2008-2867 | 1 E-topbiz | 1 Viral Dx 1 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 allows remote attackers to execute arbitrary SQL commands via the bannerid parameter.
|
|||||
| CVE-2008-4086 | 1 Source Workshop | 1 Reciprocal Links Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action.
|
|||||
| CVE-2009-0339 | 1 Dmxready | 1 Blog Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action.
|
|||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2008-3888 | 1 Aspindir | 1 Mini Nuke Freehost | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action.
|
|||||
| CVE-2008-2023 | 1 Pd9 Software | 1 Megabbs | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
|
|||||
| CVE-2009-3965 | 1 Maniacomputer | 1 New5starrating | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter.
|
|||||
| CVE-2008-6907 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
|
|||||
| CVE-2007-3909 | 1 Bandersnatch | 1 Bandersnatch | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.
|
|||||
| CVE-2008-1398 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
|
|||||
| CVE-2007-5141 | 1 Sitex | 1 Sitex Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter.
|
|||||
| CVE-2007-5643 | 1 Lussumo | 1 Vanilla | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
|
|||||
| CVE-2008-3953 | 1 Vastal | 1 Shaadi Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in keyword_search_action.php in Vastal I-Tech Shaadi Zone 1.0.9 allows remote attackers to execute arbitrary SQL commands via the tage parameter.
|
|||||
| CVE-2008-5654 | 1 Myiosoft | 1 Easycalendar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6127 | 1 Project Alumni | 1 Project Alumni | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php; or (2) the year parameter to news.page.inc.php, which is reachable through a news action to index.php.
|
|||||
| CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php.
|
|||||
| CVE-2008-6064 | 1 Domphp | 1 Domphp | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote attackers to execute arbitrary SQL commands via the cat parameter to agenda/index.php, and unspecified other vectors.
|
|||||
| CVE-2008-2701 | 1 Joomla | 1 Com Gameq | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a page action to index.php.
|
|||||
| CVE-2008-6204 | 1 Supernet | 1 Supernet Shop | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp.
|
|||||
| CVE-2008-5627 | 1 Activewebsoftwares | 1 Active Trade | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in account.asp in Active Trade 2 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter (aka Email field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-3667 | 1 Adsdx | 1 Adsdx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows remote attackers to execute arbitrary SQL commands via the Username.
|
|||||
| CVE-2008-5174 | 1 Easysitenetwork | 1 Jokes Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter.
|
|||||
| CVE-2009-4198 | 1 Cupidsystems | 1 Myminibill | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in my_orders.php in MyMiniBill allows remote authenticated users to execute arbitrary SQL commands via the orderid parameter in a status action.
|
|||||
| CVE-2008-5287 | 1 Scripts4you | 1 Faq Manager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2008-2013 | 1 Pnflashgames | 1 Pnflashgames | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in the pnFlashGames 1.5 through 2.5 module for PostNuke, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a display action.
|
|||||
| CVE-2009-1843 | 1 Glenn Mcgurrin | 1 Flash Quiz | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) quiz parameter to (a) num_questions.php, (b) answers.php, (c) high_score.php, (d) high_score_web.php, (e) results_table_web.php, and (f) question.php; and the (2) order_number parameter to (g) answers.php and (h) question.php.
|
|||||
| CVE-2008-7030 | 1 Site2nite | 1 Real Estate Web | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
|
|||||
| CVE-2008-6484 | 1 Mole-group | 1 Taxi Calc Dist Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field.
|
|||||
| CVE-2009-3778 | 2 Adam Gerson, Drupal | 2 Moodle Courselist, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0753 | 1 Vwar | 1 Virtual War | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 allows remote attackers to execute arbitrary SQL commands via the month parameter.
|
|||||
| CVE-2007-1776 | 1 Design For Joomla | 1 D4j Ezine | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action.
|
|||||
| CVE-2008-6463 | 2 Fr.simon Rundell, Typo3 | 2 Pd Churchsearch, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Diocese of Portsmouth Church Search (pd_churchsearch) extension before 0.1.1, and 0.2.10 and earlier 0.2.x versions, an extension for TYPO3, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||