Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-2093 | 1 Ibm | 1 Websphere Partner Gateway | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in the console in IBM WebSphere Partner Gateway (WPG) Enterprise 6.0 before FP8, 6.1 before FP3, 6.1.1 before FP2, and 6.2 before FP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-2016 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter.
|
|||||
| CVE-2008-5803 | 1 E-topbiz | 1 Online Store | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-0863 | 1 Matteoiammarrone | 1 S-cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-6663 | 2 Joomla, Pragmatic Utopia | 2 Joomla, Pu Arcade | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php.
|
|||||
| CVE-2008-3948 | 1 Xrms | 1 Xrms Crm | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors.
|
|||||
| CVE-2008-4357 | 1 Powie | 1 Plink | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-4459 | 1 Extrovert Software | 1 Thyme | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in pick_users.php in the groups module in eXtrovert Thyme 1.3 allows remote attackers to execute arbitrary SQL commands via the uname_search parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-3131 | 1 Powie | 1 Psys | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.
|
|||||
| CVE-2009-3335 | 2 Joomla, Turtus | 2 Joomla\!, Turtushout | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the TurtuShout component 0.11 for Joomla! allows remote attackers to execute arbitrary SQL commands via the Name field.
|
|||||
| CVE-2009-3118 | 1 Danneo | 1 Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.
|
|||||
| CVE-2009-4474 | 2 Mambo-foundation, Mikedeboer | 2 Mambo, Com Zoom | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.
|
|||||
| CVE-2008-2700 | 1 Gwm | 1 Galatolo Webmanager | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-6318 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.
|
|||||
| CVE-2007-6311 | 1 Falt4 Cms | 1 Falt4 Extreme Rc4 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in (1) index.php, and possibly (2) admin/index.php, in Falt4Extreme RC4 10.9.2007 allows remote attackers to execute arbitrary SQL commands via the nav_ID parameter.
|
|||||
| CVE-2009-2883 | 1 Arabless | 1 Saphplesson | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
|
|||||
| CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php.
|
|||||
| CVE-2008-0561 | 3 Arthur Konze Webdesign, Joomla, Mambo | 3 Akogallery, Joomla, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Arthur Konze AkoGallery (com_akogallery) 2.5 beta component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action.
|
|||||
| CVE-2008-0881 | 1 Phpnuke | 1 Okul Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in the Okul 1.0 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the okulid parameter in an okullar action.
|
|||||
| CVE-2008-6457 | 2 Typo3, Walnutstreet | 2 Typo3, Cgswigmore | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Swigmore institute (cgswigmore) extension before 0.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-2823 | 1 Phpeasynews | 1 Phpeasyblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in newsarchive.php in PHPeasyblog (formerly phpeasynews) 1.13 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
|
|||||
| CVE-2008-2996 | 1 Gravityboardx | 1 Gravity Board X | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action.
|
|||||
| CVE-2007-6517 | 1 Aeries | 1 Aeries Browser Interface | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the forget password section (LostPwd.asp) in Eagle Software Aeries Browser Interface (ABI) 3.7.9.17 allows remote attackers to execute arbitrary SQL commands via the EmailAddress parameter. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-2628 | 2 Joomla, Ron Liskey | 2 Joomla, Com Equotes | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the eQuotes (com_equotes) component 0.9.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
|
|||||
| CVE-2008-3370 | 1 Emc | 1 Centera Universal Access | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the CUA Login Module in EMC Centera Universal Access (CUA) 4.0_4735.p4 allows remote attackers to execute arbitrary SQL commands via the user (user name) field.
|
|||||
| CVE-2007-5887 | 1 Infuseum | 1 Asp Message Board | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in boards/printer.asp in ASP Message Board 2.2.1c allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5574 | 1 Unscripts | 1 Webmaster Marketplace | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in member.php in Webmaster Marketplace allows remote attackers to execute arbitrary SQL commands via the u parameter.
|
|||||
| CVE-2009-2779 | 1 Ajsquare | 1 Aj Matrix Dna | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
|
|||||
| CVE-2008-2774 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.
|
|||||
| CVE-2008-5003 | 1 Shahrood | 1 Shahrood | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2007-5308 | 1 Php Homepage M | 1 Php Homepage M | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
|
|||||
| CVE-2007-5402 | 1 Layton Technology | 1 Helpbox | 2025-04-09 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow (1) remote attackers to execute arbitrary SQL commands via the sys_request_id parameter to editrequestenduser.asp; and allow remote authenticated users to execute arbitrary SQL commands via (2) the oldpassword parameter to writepwdenduser.asp, and the sys_request_id parameter to (3) changerequeststatus.asp, (4) editrequestuser.asp, (5) requestcommentsuser.asp, and (6) useractions.asp, different vectors than CVE-2004-2551.
|
|||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778.
|
|||||
| CVE-2008-0936 | 1 Xoops | 1 Prayer List Module | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Prayer List (prayerlist) 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action.
|
|||||
| CVE-2008-2183 | 1 Toocharger | 1 Smartblog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to execute arbitrary SQL commands via the idt parameter.
|
|||||
| CVE-2008-2919 | 1 Gryphonllc | 1 Gryphon Gllcts2 | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the sort parameter.
|
|||||
| CVE-2008-5054 | 1 Develop It Easy | 1 Membership System | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2009-2365 | 1 Datachecknh | 1 Gallerypal Fe | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-5075 | 1 Scriptsfrenzy | 1 E-uploader Pro | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.
|
|||||
| CVE-2008-2225 | 1 Gamecms | 1 Gamecms Lite | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows remote attackers to execute arbitrary SQL commands via the systemId parameter.
|
|||||