Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1513 | 1 Danneo | 1 Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header.
|
|||||
| CVE-2008-5775 | 1 Apertoblog | 1 Apertoblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4623 | 2 Joomla, Martin Diphoorn | 2 Joomla, Com Ds-syndicate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) component 1.1.1 for Joomla allows remote attackers to execute arbitrary SQL commands via the feed_id parameter to index2.php.
|
|||||
| CVE-2008-6068 | 2 Joomla, Web Design Hero | 2 Joomla, Joomladate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
|
|||||
| CVE-2009-1818 | 1 Maxcms | 1 Maxcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
|
|||||
| CVE-2009-4350 | 1 Boldfx | 1 Arctic Issue Tracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 allows remote attackers to execute arbitrary SQL commands via the (1) matchings[id] or (2) matchings[title] parameters in a Login action to an unspecified program, or (3) the matchings[id] parameter in a search action to index.php, a different vector than CVE-2008-3250. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-6014 | 1 Beehive Forum | 1 Beehive Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t_dedupe parameter.
|
|||||
| CVE-2009-1508 | 1 Keir Davis | 1 X-forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
|
|||||
| CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php.
|
|||||
| CVE-2008-2925 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-1277 | 1 Gravityboardx | 1 Gravity Board X | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
|
|||||
| CVE-2009-3418 | 1 Plume-cms | 1 Plume Cms | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5333 | 1 Nitrotech | 1 Nitrotech | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6210 | 1 Dream4 | 1 Koobi | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 allows remote attackers to execute arbitrary SQL commands via the img_id parameter in the gallerypic page.
|
|||||
| CVE-2008-3750 | 1 Yourfreeworld | 1 Url Rotator Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-4263 | 1 Ptcpay | 1 Gen3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-6663 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
|
|||||
| CVE-2008-1714 | 1 Fascript | 1 Faphoto | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0879 | 1 Phpnuke | 1 Web Links Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
|
|||||
| CVE-2008-5195 | 1 Sebrac | 1 Sebraccms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
|
|||||
| CVE-2007-4892 | 1 Swsoft | 1 Plesk | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, 8.1.1, and 8.2.0 for Windows allow remote attackers to execute arbitrary SQL commands via a PLESKSESSID cookie to (1) login.php3 or (2) auth.php3.
|
|||||
| CVE-2009-1506 | 1 Intelliants | 1 Elitius | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.
|
|||||
| CVE-2009-1345 | 1 Cpcommerce | 1 Cpcommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.
|
|||||
| CVE-2009-2394 | 2 Mr Saphp Arabic Mobile, Smspages | 2 Messages Library, Smspages | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
|
|||||
| CVE-2008-5974 | 1 Activewebsoftwares | 1 Active Price Comparison | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields.
|
|||||
| CVE-2008-0601 | 1 All Club Cms | 1 All Club Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2008-4073 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.
|
|||||
| CVE-2009-4256 | 1 Truesolution | 1 Alefmentor | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-1799 | 1 Sebastian-thiele | 1 St-gallery | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
|
|||||
| CVE-2009-0593 | 1 Plxwebdev | 1 Plx Auto Reminder | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in members.php in plx Auto Reminder 3.7 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a newar action.
|
|||||
| CVE-2008-6525 | 1 Nicephpscripts | 1 Nice Php Faq Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).
|
|||||
| CVE-2008-7085 | 1 Thehockeystop | 1 Hockeystats Online | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
|
|||||
| CVE-2008-0397 | 1 Aflog.org | 1 Aflog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.
|
|||||
| CVE-2008-4202 | 1 Gonafish | 1 Linkscaffepro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 allows remote attackers to execute arbitrary SQL commands via the idd parameter in a deadlink action.
|
|||||
| CVE-2008-4656 | 1 Typo3 | 2 Frontend Users View, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3026 | 1 Oneclick Cms | 1 Oneclick Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-0707 | 1 Powerscripts | 1 Powerclan | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3965 | 1 Mybb | 1 Mybb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.4.1 allows remote attackers to execute arbitrary SQL commands via a certain editor field.
|
|||||
| CVE-2008-3039 | 1 Typo3 | 1 Dam Frontend Extension | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5190 | 1 Eshop100 | 1 Eshop100 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
|
|||||