Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4263 | 1 Envolution | 1 Envolution | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
|
|||||
| CVE-2006-2363 | 1 Limbo Cms | 1 Limbo Cms | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
|
|||||
| CVE-2005-4632 | 1 Vote Pro | 1 Vote Pro | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.
|
|||||
| CVE-2005-4500 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.
|
|||||
| CVE-2003-1504 | 1 Goldscripts | 1 Goldlink | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
|
|||||
| CVE-2006-3430 | 2 Lumension, Novell | 2 Patchlink Update Server, Zenworks | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
|
|||||
| CVE-2005-4246 | 1 Plogger | 1 Plogger | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter.
|
|||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
|
|||||
| CVE-2003-1530 | 1 Phpbb | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
|
|||||
| CVE-2005-3744 | 1 Phpcomasy | 1 Phpcomasy | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in phpComasy 0.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: an examination of the 0.7.5 source code suggests that there is no id parameter being handled directly by index.php.
|
|||||
| CVE-2002-2391 | 2 Webchat.org, Xoops | 2 Webchat, Xoops | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php of WebChat 1.5 included in XOOPS 1.0 allows remote attackers to execute arbitrary SQL commands via the roomid parameter.
|
|||||
| CVE-2006-0205 | 1 Wordcircle | 1 Wordcircle | 2025-04-03 | 5.1 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.
|
|||||
| CVE-2005-4199 | 1 Mybb | 1 Mybb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
|
|||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-03 | 6.5 MEDIUM | 6.3 MEDIUM |
|
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely rel ...
Show More |
|||||
| CVE-2003-1523 | 1 Dbmail | 1 Dbmail | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows remote attackers to execute arbitrary SQL commands via the (1) login username, (2) mailbox name, and possibly other attack vectors.
|
|||||
| CVE-2006-1278 | 1 Upoint | 1 \@1 File Store | 2025-04-03 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and ...
Show More |
|||||
| CVE-2006-1978 | 1 Flexbb | 1 Flexbb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_username COOKIE parameter.
|
|||||
| CVE-2005-4011 | 1 Codewalkers | 1 Ltwcalendar | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2, 4.1.3, and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-0160 | 1 Venom Board | 1 Venom Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in add_post.php3 in Venom Board 1.22 allows remote attackers to execute arbitrary SQL commands via the (1) parent, (2) root, and (3) topic_id parameters to post.php3.
|
|||||
| CVE-2004-2737 | 1 Netsupport | 1 Dna Helpdesk | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
|
|||||
| CVE-2006-0240 | 1 8pixel.net | 1 Simple Blog | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote attackers to execute arbitrary SQL commands via the month parameter in an archives view operation and possibly certain other parameters in unspecified scripts.
|
|||||
| CVE-2002-0999 | 1 Care 2002 | 1 Care 2002 | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.
|
|||||
| CVE-2003-1532 | 1 Julien Desaunay | 1 Phpmyshop | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows remote attackers to execute arbitrary SQL commands via the (1) identifiant and (2) password parameters.
|
|||||
| CVE-2005-3996 | 1 Zen-cart | 1 Zen Cart | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
|
|||||
| CVE-2003-1244 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
|
|||||
| CVE-2006-0115 | 1 Oneplug Solutions | 1 Oneplug Cms | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
|
|||||
| CVE-2006-2416 | 1 E107 | 1 E107 | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name'].
|
|||||
| CVE-2006-0269 | 1 Oracle | 1 Oracle10g | 2025-04-03 | 5.5 MEDIUM | N/A |
|
Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the SET_DIRECTORY_ROOT function in the DBMS_CDC_PUBLISH package.
|
|||||
| CVE-2005-4495 | 1 Spiremedia | 1 Mx7 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitrary SQL commands via the cid parameter. NOTE: the vendor has disputed this issue, stating "This information is incorrect, unproven, and potentially slanderous." However, CVE and OSVDB have both performed additional research that suggests that this might be path disclosure from invalid SQL syntax
|
|||||
| CVE-2005-4380 | 1 Bitweaver | 1 Bitweaver | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
|
|||||
| CVE-2006-1751 | 1 Michiel Van Baak | 1 Mvblog | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
|||||
| CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.
|
|||||
| CVE-2006-0692 | 1 Carey Briggs | 1 Php Mysql Timesheet | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php.
|
|||||
| CVE-2005-1017 | 1 Maxwebportal | 1 Maxwebportal | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.
|
|||||
| CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter.
|
|||||
| CVE-2006-1018 | 1 Dci-designs | 1 Dawaween | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action.
|
|||||
| CVE-2006-3960 | 1 X-scripts | 1 X-poll | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2006-0510 | 1 Daffodil Software | 1 Daffodil Crm | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified parameters in a login action.
|
|||||
| CVE-2005-1487 | 1 Fishnet | 1 Fishcart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable
|
|||||
| CVE-2006-0897 | 1 Virtual Communication Services | 1 Vpmi Enterprise | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to Service_Requests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this issue, saying that "[we] have a behind the scenes complex state management system that uses a combination of keys placed in JavaScript and Sessi ...
Show More |
|||||