Total
18012 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3646 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.
|
|||||
| CVE-2006-2103 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | 2.1 LOW | N/A |
|
SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows remote authenticated administrators to execute arbitrary SQL commands via the (1) query string ($querystring variable) in (a) admin/adminlogs.php, which is not properly handled by adminfunctions.php; or (2) setid, (3) expand, (4) title, or (5) sid2 parameters to (b) admin/templates.php.
|
|||||
| CVE-2005-3952 | 1 Php Labs | 1 Top Auction | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
|
|||||
| CVE-2003-1520 | 1 Fuzzymonkey | 1 Myclassifieds | 2025-04-03 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
|
|||||
| CVE-2006-0772 | 1 Hitachi | 1 Business Logic | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function.
|
|||||
| CVE-2006-3064 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.
|
|||||
| CVE-2003-1340 | 1 Phpnuke | 1 Php-nuke | 2025-04-03 | 6.5 MEDIUM | N/A |
|
Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 and 6.5 allow remote authenticated users to execute arbitrary SQL commands via (1) a uid (user) cookie to modules.php; and allow remote attackers to execute arbitrary SQL commands via an aid (admin) cookie to the Web_Links module in a (2) viewlink, (3) MostPopular, or (4) NewLinksDate action, different vectors than CVE-2003-0279.
|
|||||
| CVE-2005-4027 | 1 Simplemedia | 1 Simplebbs | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
|
|||||
| CVE-2006-3688 | 1 Francisco Charrua | 1 Photo-gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Room.php in Francisco Charrua Photo-Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
|||||
| CVE-2006-2760 | 1 Warpspeed | 1 4nforum | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
|
|||||
| CVE-2005-3543 | 1 Phorum | 1 Phorum | 2025-04-03 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
|
|||||
| CVE-2005-3686 | 1 Newsboard | 1 Unclassified Newsboard | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in search.inc.php in Unclassified NewsBoard before 1.5.3 Patch 4 allows remote attackers to execute arbitrary SQL commands via the (1) DateFrom or (2) DateUntil parameter to forum.php.
|
|||||
| CVE-2006-0146 | 6 John Lim, Mantis, Mediabeez and 3 more | 6 Adodb, Mantis, Mediabeez and 3 more | 2025-04-03 | 7.5 HIGH | N/A |
|
The server.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PHPOpenChat, (7) MAXdev MD-Pro, and (8) MediaBeez, when the MySQL root password is empty, allows remote attackers to execute arbitrary SQL commands via the sql parameter.
|
|||||
| CVE-2002-2304 | 1 Myphpsoft | 1 Myphplinks | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in admin/auth/checksession.php in MyPHPLinks 2.1.9 and 2.2.0 allows remote attackers to execute arbitrary SQL commands via the idsession parameter.
|
|||||
| CVE-2006-4734 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.
|
|||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.
|
|||||
| CVE-2006-4785 | 1 Moodle | 1 Moodle | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and earlier allows remote attackers to execute arbitrary SQL commands via the format parameter as stored in the $blogEntry variable, which is not properly handled by the insert_record function, which calls _adodb_column_sql in the adodb layer (lib/adodb/adodb-lib.inc.php), which does not convert the data type to an int.
|
|||||
| CVE-2006-0249 | 1 Bitdamaged | 1 Geoblog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in viewcat.php in BitDamaged geoBlog MOD_1.0 allows remote attackers to execute arbitrary SQL commands, then steal credentials and upload files, via the cat parameter ($tmpCategory variable).
|
|||||
| CVE-2005-4478 | 1 Papoo | 1 Papoo | 2025-04-03 | 7.5 HIGH | N/A |
|
Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.
|
|||||
| CVE-2006-3823 | 1 Geodesicsolutions | 2 Geoauctions Premier, Geoclassifieds Basic | 2025-04-03 | 5.1 MEDIUM | N/A |
|
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter.
|
|||||
| CVE-2005-4198 | 1 Netref | 1 Netref | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
|
|||||
| CVE-2004-2751 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 6.8 MEDIUM | N/A |
|
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
|
|||||
| CVE-2006-1501 | 1 Oneorzero | 1 Oneorzero | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.
|
|||||
| CVE-2006-1962 | 1 Pcpin | 1 Pcpin Chat | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php.
|
|||||
| CVE-2006-2977 | 1 Mafia Moblog | 1 Mafia Moblog | 2025-04-03 | 7.5 HIGH | N/A |
|
SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and earlier allows remote attackers to execute arbitrary SQL commands via the img parameter.
|
|||||
| CVE-2024-36801 | 1 Sem-cms | 1 Semcms | 2025-04-03 | N/A | 5.9 MEDIUM |
|
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.
|
|||||
| CVE-2024-36800 | 1 Sem-cms | 1 Semcms | 2025-04-03 | N/A | 7.5 HIGH |
|
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.
|
|||||
| CVE-2024-34987 | 1 Phpgurukul | 1 Online Fire Reporting System | 2025-04-03 | N/A | 9.1 CRITICAL |
|
A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the username input field during the login process.
|
|||||
| CVE-2024-35511 | 1 Phpgurukul | 1 Men Salon Management System | 2025-04-03 | N/A | 4.7 MEDIUM |
|
phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php.
|
|||||
| CVE-2025-1380 | 1 Codezips | 1 Gym Management System | 2025-04-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-26156 | 1 Phpgurukul | 1 Online Shopping Portal Project | 2025-04-02 | N/A | 8.8 HIGH |
|
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.
|
|||||
| CVE-2025-1379 | 1 Code-projects | 1 Real Estate Property Management System | 2025-04-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1965 | 1 Projectworlds | 1 Online Hotel Booking | 2025-04-02 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument emailusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1963 | 1 Projectworlds | 1 Online Hotel Booking | 2025-04-02 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /reservation.php. The manipulation of the argument checkin leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1962 | 1 Projectworlds | 1 Online Hotel Booking | 2025-04-02 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-1966 | 1 Phpgurukul | 1 Pre-school Enrollment System | 2025-04-02 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical was found in PHPGurukul Pre-School Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-22630 | 1 Izybat | 1 Orange Casiers | 2025-04-02 | N/A | 4.3 MEDIUM |
|
IzyBat Orange casiers before 20221102_1 allows SQL Injection via a getCasier.php?taille= URI.
|
|||||
| CVE-2022-4230 | 1 Veronalabs | 1 Wp Statistics | 2025-04-02 | N/A | 8.8 HIGH |
|
The WP Statistics WordPress plugin before 13.2.9 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+), however the plugin has a settings to allow low privilege users to access it as well.
|
|||||
| CVE-2025-2627 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in PHPGurukul Art Gallery Management System 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-2628 | 1 Phpgurukul | 1 Art Gallery Management System | 2025-04-02 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in PHPGurukul Art Gallery Management System 1.1. Affected is an unknown function of the file /art-enquiry.php. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||