Total
17809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla\!, Com Joomlub | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | |||||
| CVE-2009-2924 | 1 Videosbroadcastyourself | 1 Videos Broadcast Yourself | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php. | |||||
| CVE-2007-6058 | 1 Profilecms | 1 Profilecms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module. | |||||
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | |||||
| CVE-2008-7077 | 1 Relative | 1 Sailplanner | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | |||||
| CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | |||||
| CVE-2008-2968 | 1 Yektaweb | 1 Academic Web Tools | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter. | |||||
| CVE-2008-5310 | 1 Netart Media | 1 Car Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in NetArt Media Car Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3813 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via the (1) forum parameter to modules/forum/post.php and possibly (2) forum_id variable to modules/forum/class/class.permissions.php. | |||||
| CVE-2009-0768 | 1 Yapbb | 1 Yapbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action. | |||||
| CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. | |||||
| CVE-2009-1585 | 1 R020 | 1 Tematres | 2025-04-09 | 4.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4351 | 1 Wscreator | 1 Wscreator | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the Email (aka username) parameter. | |||||
| CVE-2009-4229 | 1 Activewebsoftwares | 1 Active Bids | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATH_INFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6443 | 1 Phpkf | 1 Phpkf | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum_duzen.php in phpKF allows remote attackers to execute arbitrary SQL commands via the fno parameter. | |||||
| CVE-2007-5177 | 2 Mambads, Mambo | 2 Mambads, Mambo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | |||||
| CVE-2009-1032 | 1 Yabsoft | 1 Advanced Image Hosting Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery_list.php in YABSoft Advanced Image Hosting (AIH) Script 2.3 allows remote attackers to execute arbitrary SQL commands via the gal parameter. | |||||
| CVE-2009-2341 | 1 Shalwan | 1 Opial | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter. | |||||
| CVE-2008-3495 | 1 Aspindir | 1 Pcshey Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kategori.asp in Pcshey Portal allows remote attackers to execute arbitrary SQL commands via the kid parameter. | |||||