Total: 18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-1006 | 1 Sendcard | 1 Sendcard | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
|
|||||
| CVE-2003-0377 | 1 Iisprotect | 1 Iisprotect | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP.
|
|||||
| CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable).
|
|||||
| CVE-2005-4232 | 1 Jamit | 1 Jamit Job Board | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection.
|
|||||
| CVE-2006-4042 | 1 Mywebland | 1 Mybloggie | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.
|
|||||
| CVE-2006-4756 | 1 Accomplishtechnology | 1 Phpmydirectory | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
|
|||||
| CVE-2004-2746 | 1 Pensacola Web Designs | 1 Xtremeasp Photogallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
|
|||||
| CVE-2006-1423 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | 5.0 MEDIUM | N/A |
|
SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 br5, 6.0.1, 6.0.2, and earlier, allows remote attackers to execute arbitrary SQL commands via the Number parameter.
|
|||||
| CVE-2006-0750 | 1 Supersmashbrothers | 1 Army System | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
|
|||||
| CVE-2003-1533 | 1 Phppass | 1 Phppass | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameters.
|
|||||
| CVE-2006-0318 | 1 Insane Visions | 1 Blogphp | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
|
|||||
| CVE-2006-0074 | 1 Jevontech | 1 Phpenpals | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.
|
|||||
| CVE-2006-1871 | 1 Oracle | 1 Database Server | 2025-04-03 | 6.5 MEDIUM | N/A |
|
SQL injection vulnerability in Oracle Database Server 9.2.0.7 and 10.1.0.5 allows remote attackers to execute arbitrary SQL commands via the DELETE_FROM_TABLE function in the DBMS_LOGMNR_SESSION (Log Miner) package, aka Vuln# DB06.
|
|||||
| CVE-2006-3048 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
|
|||||
| CVE-2005-3877 | 1 Cafuego | 1 Simple Document Management System | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
|
|||||
| CVE-2006-4736 | 1 Cms.r. | 1 Cms.r. | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 allow remote attackers to execute arbitrary SQL commands via the (1) adminname and (2) adminpass parameters. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2006-2090 | 1 Mysmartbb | 1 Mysmartbb | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) username parameters.
|
|||||
| CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter.
|
|||||
| CVE-2006-1676 | 1 Maxdev | 1 Md-pro | 2025-04-03 | 6.4 MEDIUM | N/A |
|
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro (MD-Pro) 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in PNuserapi.PHP.
|
|||||
| CVE-2005-3845 | 1 Ezinvoiceinc | 1 Ez Invoice Inc | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email [email protected] and EZI will email you the patch to fix this small issue."
|
|||||
| CVE-2002-2252 | 1 Atthat.com | 1 Thatware | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via a base64-encoded user parameter.
|
|||||
| CVE-2005-4606 | 1 Webwiz | 4 Database Login, Journal, Site News and 1 more | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.
|
|||||
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter.
|
|||||
| CVE-2006-0199 | 1 Mini-nuke | 1 Cms System | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
|
|||||
| CVE-2005-4315 | 1 Nicplex | 1 Plexcart X3 | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) s_itemname and (2) s_orderby parameters to plexcart.pl.
|
|||||
| CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name.
|
|||||
| CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
|
|||||
| CVE-2006-1360 | 1 Musicbox | 1 Musicbox | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.
|
|||||
| CVE-2005-3325 | 2 Acid, Secureideas | 2 Analysis Console For Intrusion Databases, Basic Analysis And Security Engine | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
|
|||||
| CVE-2006-0586 | 1 Oracle | 2 Application Server, Oracle10g | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16 ...
|
|||||
| CVE-2003-1458 | 1 Ttcms | 2 Ttcms, Ttforum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum allows remote attackers to execute arbitrary SQL commands via the member name.
|
|||||
| CVE-2006-0602 | 1 Hinton Design | 1 Phphg Guestbook | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6) admin/edit_filter.php.
|
|||||
| CVE-2005-4228 | 1 Phpwebgallery | 1 Phpwebgallery | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
|
|||||
| CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.
|
|||||
| CVE-2006-1330 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.
|
|||||
| CVE-2005-2035 | 1 Cool Cafe Chat | 1 Cool Cafe Chat | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
|
|||||
| CVE-2006-4214 | 1 Zen Cart | 1 Zen Cart | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) GPC data to the ipn_get_stored_session function in ipn_main_handler.php, which can be leveraged to modify elements of $_SESSION; and allow remote authenticated users to execute arbitrary SQL commands via (2) a session id within a cookie to whos_online_session_recreate, (3) the quantity field to the add_cart function, (4) an id[] parameter when adding an item to ...
|
|||||
| CVE-2006-0123 | 1 Adn Forum | 1 Adn Forum | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
|
|||||
| CVE-2005-0252 | 1 Guillaumegardey | 1 Biborb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
|
|||||
| CVE-2005-4515 | 1 Lois Software | 1 Webdb | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is no ...
|
|||||