Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6509 | 1 Igniterealtime | 1 Openfire | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
|
|||||
| CVE-2009-0739 | 1 Frankmancuso | 1 Mynews | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
|
|||||
| CVE-2009-2341 | 1 Shalwan | 1 Opial | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.
|
|||||
| CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
|
|||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
|
|||||
| CVE-2008-1639 | 1 Neat Web | 1 Neat-web | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Neat weblog 0.2 allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a show action, probably related to the showArticle function in lib/lib_article.include.php.
|
|||||
| CVE-2008-5490 | 1 Phpstore | 1 Yahoo Answers | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6069 | 2 123flashchat, E107 | 2 Echat Plugin, E107 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.
|
|||||
| CVE-2007-6538 | 2 Moodle, Mrbs | 2 Moodle, Mrbs | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2907 | 1 Webchamado | 1 Webchamado | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.
|
|||||
| CVE-2008-6151 | 1 Sepcity | 1 Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall allows remote attackers to execute arbitrary SQL commands via the ID parameter.
|
|||||
| CVE-2008-2429 | 1 Calendarix | 1 Basic | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2.
|
|||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-4633 | 1 Drupal | 2 Drupal, Node Clone | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x before 6.x-1.0, a module for Drupal, when "Allow user to vote again" is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to a "previously cast vote."
|
|||||
| CVE-2008-3388 | 1 Easy-script | 1 Def Blog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php.
|
|||||
| CVE-2008-6032 | 1 Wsn | 1 Links | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3804 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter.
|
|||||
| CVE-2008-7059 | 1 Aled Owen | 1 One-news | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter.
|
|||||
| CVE-2009-0702 | 2 Joomla, Phoca | 2 Joomla, Com Phocadocumentation | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Phoca Documentation (com_phocadocumentation) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action to index.php.
|
|||||
| CVE-2008-6389 | 1 Aliensoftcorp | 1 Rae Media Contact Management | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in asadmin/default.asp in Rae Media Contact Management Software SOHO, Standard, and Enterprise allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5000 | 1 Phpx | 1 Phpx | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
|
|||||
| CVE-2008-5097 | 1 Myfwb | 1 Myfwb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2008-4674 | 1 Conkurent | 1 Real Estate | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode.
|
|||||
| CVE-2008-0906 | 1 Php-nuke | 1 Php-nuke Module Docum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation.
|
|||||
| CVE-2008-6693 | 2 Sebastian Baumann, Typo3 | 2 Sb Downloader, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Download system (sb_downloader) extension 0.1.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2008-4345 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter.
|
|||||
| CVE-2008-3090 | 1 Blognplus | 1 Blognplus | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO GUN +) 2.5.5 MySQL and PostgreSQL editions allow remote attackers to execute arbitrary SQL commands via the (1) p, (2) e, (3) d, and (4) m parameters, a different vulnerability than CVE-2008-2819.
|
|||||
| CVE-2008-1789 | 1 Prozilla | 1 Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter.
|
|||||
| CVE-2008-0288 | 1 Imagealbum | 1 Imagealbum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow remote attackers to execute arbitrary SQL commands via the id, which is not properly handled in (1) classes/IADomain.php, (2) classes/IACollection.php, and (3) classes/IAUser.php, as demonstrated via the id parameter in a collection.imageview action.
|
|||||
| CVE-2008-2337 | 1 Imgallery | 1 Imgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163.
|
|||||
| CVE-2009-0750 | 2 Tombstone, Txtsql | 2 Smnews, Txtsql | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in the smNews example script for txtSQL 2.2 Final allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-6594 | 1 Network-publishing | 1 Rdf Newsfeed Export | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the cm_rdfexport extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0943 | 1 Aeries | 1 Aeries Student Information System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.
|
|||||
| CVE-2009-4613 | 1 Netartmedia | 1 Real Estate Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2457 | 1 Bitmixsoft | 1 Php-jokesite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2008-0278 | 1 X7 Group | 1 X7 Chat | 2025-04-09 | 6.0 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action.
|
|||||
| CVE-2008-2454 | 1 Joomla | 1 Com Xsstream-dm | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) component 0.01 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the movie parameter to index.php.
|
|||||
| CVE-2007-6137 | 1 P3mbo | 1 Content Injector | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.php in Content Injector 1.52 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-7033 | 2 Galore, Joomla | 2 Com Simpleshop, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
|
|||||