Total
17799 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5270 | 1 Wareziz | 1 Yuhhu Superstar 2008 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 allows remote attackers to execute arbitrary SQL commands via the board parameter. | |||||
| CVE-2009-2883 | 1 Arabless | 1 Saphplesson | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php. | |||||
| CVE-2009-3718 | 1 Davethewebguy | 1 Battle Blog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter. | |||||
| CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. | |||||
| CVE-2008-1859 | 1 Iscripts | 1 Socialware | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||||
| CVE-2009-4582 | 1 Xoops | 1 Xoops Dictionary | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in the Dictionary module for XOOPS 2.0.18 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1640 | 1 Jgs-xa | 1 Jgs Treffen | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jgs_treffen.php in the JGS-XA JGS-Treffen 2.0.2 and earlier addon for Woltlab Burning Board (wBB) allows remote attackers to execute arbitrary SQL commands via the view_id parameter in an ansicht action. | |||||
| CVE-2008-4768 | 1 Tlm Cms | 1 Tlm Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to execute arbitrary SQL commands via the nom parameter to a-b-membres.php. NOTE: the goodies.php vector is already covered by CVE-2007-4808. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-1341 | 1 Lagarde | 1 Storefront | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. | |||||
| CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6788 | 1 Minddezign | 1 Photo Gallery | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php. | |||||
| CVE-2008-0744 | 1 Preprojects.com | 1 Pre Hotels \& Resorts Management System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user_login.asp in PreProjects.com Pre Hotels & Resorts Management System allows remote attackers to execute arbitrary SQL commands via the login page. | |||||
| CVE-2008-6086 | 1 Camera Life | 1 Camera Life | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3355. | |||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | |||||
| CVE-2009-2394 | 2 Mr Saphp Arabic Mobile, Smspages | 2 Messages Library, Smspages | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter. | |||||
| CVE-2009-0493 | 1 Martin Unzner | 1 It\!cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
| CVE-2009-4158 | 2 Mario Matzulla, Typo3 | 2 Cal, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2337 | 1 W3bcms | 2 Gaestebuch Guestbook Module, W3bcms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter. | |||||
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | |||||