Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5163 | 1 Theratstudios | 1 The Rat Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php.
|
|||||
| CVE-2008-7208 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
|
|||||
| CVE-2008-2906 | 1 Webchamado | 1 Webchamado | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter.
|
|||||
| CVE-2007-5371 | 1 Modxcms | 1 Modxcms | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter.
|
|||||
| CVE-2009-1626 | 1 Will Kraft | 1 Ez-blog | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
|||||
| CVE-2008-1843 | 1 W2b | 1 Dating Club | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in browse.php in W2B DatingClub (aka Dating Club) allows remote attackers to execute arbitrary SQL commands via the age_to parameter in a browsebyCat action.
|
|||||
| CVE-2008-5841 | 1 Igamingcms | 1 Igaming Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.
|
|||||
| CVE-2008-2393 | 1 Entertainmentscript | 1 Entertainmentscript | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-0607 | 3 Joomla, Mambo, Sigsiu.net | 3 Com Sobi2, Com Sobi2, Sobi2 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) 2.5.3 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2008-6260 | 1 Ultrastats | 1 Ultrastats | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter.
|
|||||
| CVE-2008-0422 | 1 Boastmachine | 1 Boastmachine | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-5609 | 1 Typo3 | 2 Commerce Extension, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2009-0332 | 1 Avbooklibrary | 1 Avbooklibrary | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components.
|
|||||
| CVE-2008-0487 | 1 The Net Guys | 1 Aspired2protect | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2007-5719 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.
|
|||||
| CVE-2008-7049 | 1 Natterchat | 1 Natterchat | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
|
|||||
| CVE-2009-4477 | 1 Xstate | 1 Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.
|
|||||
| CVE-2009-2308 | 2 Punbb, Punres | 2 Punbb, Affiliates Mod | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.
|
|||||
| CVE-2008-0714 | 1 Mihalism | 1 Multi Host | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in users.php in Mihalism Multi Host allows remote attackers to execute arbitrary SQL commands via the username parameter in a lost_password_go action.
|
|||||
| CVE-2008-6102 | 1 Ezonescripts | 1 Link Trader Script | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.
|
|||||
| CVE-2008-6142 | 1 China-on-site | 1 Flexphpic | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
|
|||||
| CVE-2009-4394 | 2 Fr.simon Rundell, Typo3 | 2 Ste Prayer2, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) extension 0.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
|||||
| CVE-2008-0692 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and 5.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter.
|
|||||
| CVE-2008-6787 | 1 Jeremy Powers | 1 Lizardware Cms | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in administrator/index.php in Lizardware CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user.
|
|||||
| CVE-2009-2776 | 1 Sellatsite.com | 1 Smart Asp Survey | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in showresult.asp in Smart ASP Survey allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2009-1453 | 1 Anoochit Chalothorn | 1 Tiny Blogr | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2008-4760 | 1 Graphiks | 1 Myforum | 2025-04-09 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2008-6438 | 2 E107, E107coders | 2 E107, Macguru Blog Engine Plugin | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.
|
|||||
| CVE-2007-4956 | 1 Kwsphp | 1 Kwsphp | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in the Member_Space (espace_membre) module, or (3) the typenav parameter to index.php in a browser aff action in the stats module.
|
|||||
| CVE-2007-4207 | 1 Kerberosdev | 1 Gallery In A Box | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters.
|
|||||
| CVE-2008-6046 | 1 Adbnewssender Project | 1 Adbnewssender | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in ADbNewsSender before 1.5.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) opt_in_out.php.inc, (2) confirmation.php.inc, and (3) renewal.php.inc in mailinglist/.
|
|||||
| CVE-2008-0603 | 3 Amazoop, Joomla, Mambo | 3 Awesom, Com Awesom, Com Awesom | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in the amazOOP Awesom! (com_awesom) 0.3.2component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter in a viewlist task.
|
|||||
| CVE-2009-3446 | 2 Joomla, Rick Estrada | 2 Joomla, Com Mytube | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php.
|
|||||
| CVE-2008-0922 | 1 Php-nuke | 1 Manuales | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php.
|
|||||
| CVE-2007-2230 | 1 Broadcom | 1 Cleverpath Portal | 2025-04-09 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors.
|
|||||
| CVE-2008-3767 | 1 Smartisoft | 1 Phpbazar | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
|
|||||
| CVE-2008-2135 | 1 Visualshapers | 1 Ezcontents | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in VisualShapers ezContents 2.0.0 allow remote attackers to execute arbitrary SQL commands via the (1) contentname parameter to showdetails.php and the (2) article parameter to printer.php.
|
|||||
| CVE-2009-1851 | 1 Benjamin Curtis | 1 Phpbugtracker | 2025-04-09 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
|||||
| CVE-2009-2142 | 1 Zipstore | 1 Zip Store Chat | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
|
|||||
| CVE-2007-6577 | 1 Zsuite | 1 Zblog | 2025-04-09 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action.
|
|||||