Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2914 | 1 Preprojects | 1 Php Jobwebsite Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in jobseekers/JobSearch3.php (aka the search module) in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the (1) kw or (2) position parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0279 | 1 Pardalcms | 1 Pardalcms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3503 | 1 Bpowerhouse | 1 Bpholidaylettings | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.
|
|||||
| CVE-2008-6116 | 2 Extrosoft, Joomla | 2 Com Thyme, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php.
|
|||||
| CVE-2008-0733 | 1 Cs Team | 1 Counter Strike Portal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in CS Team Counter Strike Portals allows remote attackers to execute arbitrary SQL commands via the id parameter, as demonstrated using the downloads page.
|
|||||
| CVE-2008-5875 | 2 Joomla, Joomlahbs | 3 Joomla, Com Lowcosthotels, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
|
|||||
| CVE-2008-0934 | 2 Nukec, Php-nuke | 2 Nukec, Nukec Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in the NukeC 2.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id_catg parameter in a ViewCatg action.
|
|||||
| CVE-2007-4611 | 1 Dale Mooney | 1 Calendar Events | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-6658 | 1 Customcms | 1 Ccms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
|
|||||
| CVE-2008-4666 | 1 Deeserver | 1 Ultimate Webboard | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 allows remote attackers to execute arbitrary SQL commands via the Category parameter.
|
|||||
| CVE-2008-4523 | 1 Ip Reg | 1 Ip Reg | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in IP Reg 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the user_name parameter.
|
|||||
| CVE-2007-4922 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information.
|
|||||
| CVE-2009-4551 | 1 Intesync | 1 Miniweb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php.
|
|||||
| CVE-2009-2924 | 1 Videosbroadcastyourself | 1 Videos Broadcast Yourself | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
|
|||||
| CVE-2009-0429 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
|
|||||
| CVE-2009-2619 | 1 Datachecknh | 1 V-spacepal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.
|
|||||
| CVE-2009-2605 | 1 Traidnt | 1 Traidnt Up | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.
|
|||||
| CVE-2008-4054 | 1 Kolifa | 1 Download Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in indir.php in Kolifa.net Download Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-7116 | 1 Webidsupport | 1 Webid | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
|
|||||
| CVE-2009-2122 | 2 Paolo Palmonari, Wordpress | 2 Photoracer Plugin For Wordpress, Wordpress | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewimg.php in the Paolo Palmonari Photoracer plugin 1.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.
|
|||||
| CVE-2008-6430 | 1 Joomla | 2 Com Mycontent, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
|
|||||
| CVE-2008-5737 | 1 Nodstrum | 1 Mysql Calendar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-0129 | 1 Siteatschool | 1 Siteatschool | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter.
|
|||||
| CVE-2008-6220 | 1 Cafuego | 1 Simple Document Management System | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.
|
|||||
| CVE-2009-1509 | 1 Myiosoft | 1 Ajaxportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2008-4765 | 1 Oscommerce | 2 Online Merchant, Poll Booth | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth Add-On 2.0 allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results operation. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
|
|||||
| CVE-2008-6627 | 1 Webbdomain | 1 Webshop | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, 1.1, 1.02, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
|
|||||
| CVE-2008-6358 | 1 Socialgroupie | 1 Social Groupie | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in group_index.php in Social Groupie allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3259 | 1 Thomas Cuchta | 1 Rash | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in RASH Quote Management System (RQMS) 1.2.2 allow remote attackers to execute arbitrary SQL commands via (1) the search parameter in a search action, (2) the quote parameter in a quote addition, or (3) a User_Name cookie in unspecified administrative actions. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6380 | 1 Activewebsoftwares | 1 Active Web Helpdesk | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter.
|
|||||
| CVE-2008-6153 | 1 Jayeshp | 1 Pixel8 Web Photo Album | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.
|
|||||
| CVE-2008-0491 | 1 Fgallery Project | 1 Fgallery | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter.
|
|||||
| CVE-2008-2489 | 1 Typo3 | 1 Sg Zfelib | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
|
|||||
| CVE-2008-2983 | 1 Cwh Underground | 1 Demo4 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-3223 | 1 Inoutscripts | 1 Inout Adserver | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver allows remote authenticated users to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6019 | 1 Do-cms | 1 Do-cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1468 | 1 Icewarp | 2 Email Server, Webmail Server | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query.
|
|||||
| CVE-2008-6349 | 1 Turnkeyforms | 1 Business Survey Pro | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in survey_results_text.php in TurnkeyForms Business Survey Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||