Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3749 | 1 Yourfreeworld | 1 Banner Management Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-4581 | 1 Wbb2-addon | 1 Acrotxt | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 allows remote attackers to execute arbitrary SQL commands via the show parameter.
|
|||||
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action.
|
|||||
| CVE-2008-6451 | 1 Jportal | 1 Jportal | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in humor.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2004-2036 or CVE-2005-3509.
|
|||||
| CVE-2009-4550 | 2 Joomla, Kunena | 2 Joomla\!, Kunena Forum | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php.
|
|||||
| CVE-2008-3713 | 1 Phpbasket | 1 Phpbasket | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in product.php in PHPBasket allows remote attackers to execute arbitrary SQL commands via the pro_id parameter.
|
|||||
| CVE-2009-1049 | 1 Kamads | 1 Bloginator | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action.
|
|||||
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.
|
|||||
| CVE-2008-2792 | 1 Erocms | 1 Erocms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in eroCMS 1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the site parameter.
|
|||||
| CVE-2007-6392 | 1 Dominion Web | 1 Dwdirectory | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in DWdirectory 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter to the /search URI.
|
|||||
| CVE-2008-0301 | 1 Mapbender | 1 Mapbender | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote attackers to execute arbitrary SQL commands via the gaz parameter to mod_gazetteer_edit.php and other unspecified vectors.
|
|||||
| CVE-2008-4494 | 1 Torrenttrader | 1 Torrenttrader | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in completed-advance.php in TorrentTrader Classic 1.08 and 1.04 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-1816 | 1 Mygamescript | 1 My Game Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4628 | 1 Mywebland | 1 Minibloggie | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 allows remote attackers to execute arbitrary SQL commands via the post_id parameter.
|
|||||
| CVE-2007-4804 | 1 Auracms | 1 Auracms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) hal.php, (2) cetak.php, (3) lihat.php, (4) pesan.php, and (5) teman.php, different vectors than CVE-2007-4171. NOTE: the scripts may be accessed through requests to the product's top-level default URI, using the pilih parameter, in some circumstances.
|
|||||
| CVE-2009-4045 | 1 Frontaccounting | 1 Frontaccounting | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FrontAccounting (FA) before 2.1.7 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to various .inc and .php files in (1) reporting/, (2) sales/, (3) sales/includes/, (4) sales/includes/db/, (5) sales/inquiry/, (6) sales/manage/, (7) sales/view/, (8) taxes/, and (9) taxes/db/.
|
|||||
| CVE-2007-5458 | 1 Alorys-hebergement | 2 Kwsphp, Newsletter Module | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
|
|||||
| CVE-2008-2189 | 1 Anserv | 1 Auction Xl | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in viewfaqs.php in AnServ Auction XL allows remote attackers to execute arbitrary SQL commands via the cat parameter.
|
|||||
| CVE-2008-4599 | 1 Mosaic Commerce | 1 Mosaic Commerce | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in category.php in Mosaic Commerce allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-3420 | 1 Willo | 1 Mobius Web Publishing Software | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 1.4.4.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to browse.php or (2) the s parameter in an exhibitions action to detail.php.
|
|||||
| CVE-2008-2194 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter.
|
|||||
| CVE-2007-5316 | 1 Softbizscripts | 1 Softbiz Jobs And Recruitment Script | 2025-04-09 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in browsecats.php in Softbiz Jobs and Recruitment Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-0685 | 1 Itechscripts | 1 Itechclassifieds | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.
|
|||||
| CVE-2009-2242 | 1 Aaronoutpost | 1 Asp Inline Corporate Calendar | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.
|
|||||
| CVE-2008-7071 | 1 Chipmunk-scripts | 1 Chipmunk Topsites | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-5797 | 1 Typo3 | 2 Advcalendar Extension, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-5074 | 1 Php-fusion | 2 Freshlinks Module, Php-fusion | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
|
|||||
| CVE-2009-3968 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
|
|||||
| CVE-2008-1750 | 1 Livecart | 1 Livecart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI.
|
|||||
| CVE-2008-6401 | 1 Jetik | 1 Jetik-web | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter.
|
|||||
| CVE-2009-3332 | 2 Joomla, Sopinet | 2 Joomla, Com Jbudgetsmagic | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) component 0.3.2 through 0.4.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the bid parameter in a mybudget action to index.php.
|
|||||
| CVE-2008-2963 | 1 Myblog | 1 Myblog | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in MyBlog allow remote attackers to execute arbitrary SQL commands via the (1) view parameter to (a) index.php, and the (2) id parameter to (b) member.php and (c) post.php.
|
|||||
| CVE-2008-5766 | 1 Fascript | 1 Faupload | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in download.php in Farsi Script Faupload allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-1346 | 1 Interguias | 1 Nethoteles | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 allows remote attackers to execute arbitrary SQL commands via the id_establecimiento parameter.
|
|||||
| CVE-2008-2897 | 1 Pagesquid | 1 Pagesquid Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
|||||
| CVE-2007-5452 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 10.0 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
|
|||||
| CVE-2008-4175 | 1 Linkbidscript | 1 Linkbidscript | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php.
|
|||||
| CVE-2008-1919 | 1 Yourfreeworld | 1 Apartment Search Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter.
|
|||||