Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6622 | 1 Zeuscms | 1 Zeuscms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.
|
|||||
| CVE-2008-3053 | 1 Typo3 | 1 Sql Frontend Extension | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension 1.0.11 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2010-0329 | 2 Alex Kellner, Typo3 | 2 Powermail, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the powermail extension 1.5.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to the "SQL selection field" and "typoscript."
|
|||||
| CVE-2008-4570 | 1 Real-estate-scripts | 1 Real-estate-scripts | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
|
|||||
| CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-6324 | 1 Cfmsource | 1 Cf Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forummessages.cfm in CF_Forum allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter.
|
|||||
| CVE-2008-2569 | 1 Joomla | 1 Easybook Component | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the EasyBook (com_easybook) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a deleteentry action to index.php.
|
|||||
| CVE-2008-7169 | 2 Jabode, Joomla | 2 Com Jabode, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Jabode horoscope extension (com_jabode) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a sign task to index.php.
|
|||||
| CVE-2007-4602 | 1 Implied By Design | 1 Micro Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-1350 | 1 Fully Modded Phpbb | 1 Fully Modded Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
|
|||||
| CVE-2008-0468 | 1 Flinx | 1 Flinx | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6989 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-3718 | 1 Cyberbb | 1 Cyberbb | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter to show_topic.php and the (2) user parameter to profile.php.
|
|||||
| CVE-2008-5634 | 1 Activewebsoftwares | 1 Active Force Matrix | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in account.asp in Active Force Matrix 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2862 | 1 Elinestudio | 1 Site Composer | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.
|
|||||
| CVE-2008-5777 | 1 Cadenix | 1 Cadenix | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-3720 | 1 Deeemm | 1 Dmcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679.
|
|||||
| CVE-2008-4161 | 1 Assetman | 1 Assetman | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
|
|||||
| CVE-2008-5069 | 1 Deeserver | 1 Panuwat Promoteweb Mysql | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.
|
|||||
| CVE-2008-6301 | 2 Phpbb, Prezmo | 2 Phpbb, Small Shoutbox | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox module 1.4 for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter in a delete action.
|
|||||
| CVE-2008-5309 | 1 Netart Media | 1 Real Estate Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 allows remote attackers to execute arbitrary SQL commands via the ad_id parameter in the re_send_email module to index.php.
|
|||||
| CVE-2008-6986 | 1 Zen-cart | 1 Zen Cart | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.
|
|||||
| CVE-2008-3200 | 1 Easy-script | 1 Avlc Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in vlc_forum.php in Avlc Forum as of 20080715 allows remote attackers to execute arbitrary SQL commands via the id parameter in an affich_message action.
|
|||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-3059 | 1 Allpublication | 1 Jboard | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) core/select.php or (2) the city parameter to top_add.inc.php, reachable through sboard.php.
|
|||||
| CVE-2008-2556 | 1 Hessel Brouwer | 1 Php Visit Counter | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action.
|
|||||
| CVE-2008-4369 | 1 Availscript | 1 Availscript Photo Album | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter.
|
|||||
| CVE-2008-6261 | 1 E-topbiz | 1 Admanager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows remote attackers to execute arbitrary SQL commands via the group parameter.
|
|||||
| CVE-2008-4457 | 1 Memht | 1 Memht Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal 3.9.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a stats_res cookie to index.php.
|
|||||
| CVE-2008-5934 | 1 Cmsisweb | 1 Cms Isweb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows remote attackers to execute arbitrary SQL commands via the id_sezione parameter.
|
|||||
| CVE-2009-2782 | 2 Jfusion, Joomla | 2 Com Jfusion, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
|
|||||
| CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.
|
|||||
| CVE-2008-2643 | 1 Joomla | 1 Com Biblestudy | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php.
|
|||||
| CVE-2008-1732 | 1 Predictionfootball | 1 Predictionfootball | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.
|
|||||
| CVE-2008-1859 | 1 Iscripts | 1 Socialware | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
|
|||||
| CVE-2007-6375 | 1 Bitweaver | 1 Bitweaver | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to wiki/list_pages.php and the (2) highlight parameter to search/index.php. NOTE: the researcher also reported injection via JavaScript code in the Search box, but this is probably a forced SQL error or other separate primary issue.
|
|||||
| CVE-2008-2501 | 1 Henning Stoverud | 1 Phphotoalbum | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) album parameter to thumbnails.php and the (2) pid parameter to displayimage.php.
|
|||||