Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-6557 | 1 Megacheatz | 1 Megacheatz | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote attackers to execute arbitrary SQL commands via the ItemID parameter to (1) comments.php, (2) view.php, (3) siteadmin/ViewItem.php, and unspecified other vectors.
|
|||||
| CVE-2007-6125 | 1 Softbiz | 1 Freelancers Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter.
|
|||||
| CVE-2007-2997 | 1 Salescart | 1 Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product.
|
|||||
| CVE-2008-2094 | 1 Xoops | 1 Article Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6887 | 1 Preprojects | 1 Pre Classified Listings | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
|
|||||
| CVE-2009-3712 | 1 Ebayclonescript | 1 Ebay Clone | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php; and the item_id parameter to (2) view_full_size.php, (3) classifide_ad.php, and (4) crosspromoteitems.php.
|
|||||
| CVE-2008-0855 | 2 Joomla, Mambo | 2 Com Facileforms, Com Facileforms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2008-2484 | 1 Xomol | 1 Xomol Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the email parameter.
|
|||||
| CVE-2007-6719 | 1 Inspector It | 1 Wiz-ad | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2290 | 2 Joomla, Kim Eckert | 2 Joomla\!, Com Bsadv | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
|
|||||
| CVE-2008-0256 | 1 Matteo Binda | 1 Asp Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
|
|||||
| CVE-2008-4171 | 1 Invision Power Services | 1 Invision Power Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
|||||
| CVE-2007-4846 | 1 Webace | 1 Webace-linkscript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action.
|
|||||
| CVE-2008-5804 | 1 E-topbiz | 1 Number Links 1 Php Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/admin_catalog.php in e-topbiz Number Links 1 Php Script allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action.
|
|||||
| CVE-2008-6873 | 1 Activewebsoftwares | 1 Active Web Mail | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the TabOpenQuickTab1 parameter to (1) popaccounts.aspx, (2) addressbook.aspx, and (3) emails.aspx.
|
|||||
| CVE-2008-5796 | 1 Typo3 | 2 Eluna Page Comments Extension, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3497 | 1 Myphp Cms | 1 Myphp Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2007-6472 | 1 Phpmyrealty | 1 Phpmyrealty | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 allow (1) remote attackers to execute arbitrary SQL commands via the type parameter to search.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the listing_updated_days parameter to admin/findlistings.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-0847 | 1 Xoops | 1 Mytopics | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in print.php in the myTopics module for XOOPS allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
|
|||||
| CVE-2008-3554 | 1 Comsenz | 1 Discuz | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
|
|||||
| CVE-2008-5496 | 1 Pozscripts | 1 Business Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showcategory.php in PozScripts Business Directory Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-6695 | 2 Frank Naegler, Typo3 | 2 Timtab Sociable, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in TIMTAB social bookmark icons (timtab_sociable) 2.0.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2009-4337 | 2 Simon Rundell, Typo3 | 2 Pd Calendar Today, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Diocese of Portsmouth Calendar (pd_calendar) extension 0.4.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2008-6691.
|
|||||
| CVE-2008-4464 | 1 Vastal I-tech | 1 Mag Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
|
|||||
| CVE-2007-6391 | 1 Sh-news | 1 Sh-news | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in patch/comments.php in SH-News 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.
|
|||||
| CVE-2008-6461 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension before 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-3725 | 1 Yourfreeworld | 1 Ad Board Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4524 | 1 Adaptcms | 1 Adaptcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the "Check User" feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
|
|||||
| CVE-2008-3774 | 1 Simasy | 1 Simasy Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Simasy CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4095 | 1 Bsm Store | 1 Dependent Forums | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.
|
|||||
| CVE-2007-0350 | 1 Sme | 1 Filemailer | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346.
|
|||||
| CVE-2008-4460 | 1 Vastal I-tech | 1 Mmorpg Zone | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the game_id parameter.
|
|||||
| CVE-2009-2096 | 1 David Degner | 1 Phpcollegeexchange | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in house/listing_view.php in phpCollegeExchange 0.1.5c allows remote attackers to execute arbitrary SQL commands via the itemnr parameter.
|
|||||
| CVE-2007-5836 | 1 Afcommerce | 1 Afcommerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file.
|
|||||
| CVE-2009-1945 | 1 Tzo | 1 Webcal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter.
|
|||||
| CVE-2009-2790 | 1 Softbiz | 1 Dating Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in cat_products.php in SoftBiz Dating Script allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: this might overlap CVE-2006-3271.4.
|
|||||
| CVE-2009-2775 | 1 Phparcadescript | 1 Phparcadescript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-5061 | 1 Clansphere | 1 Clansphere | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mods/banners/navlist.php in Clansphere 2007.4 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php in a banners action.
|
|||||