Total
17809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4497 | 1 Built2go | 1 Real Estate Listings | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in event_detail.php in Built2Go Real Estate Listings 1.5 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. | |||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | |||||
| CVE-2009-2598 | 1 Onlinegrades | 1 Online Grades | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Online Grades & Attendance 3.2.6 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the key parameter in a resetpass action to index.php and (2) remote authenticated users to execute arbitrary SQL commands via the ADD parameter in a mailto action to parents/parents.php. | |||||
| CVE-2008-6364 | 1 Adserversolutions | 1 Banner Exchange Software | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-3403 | 1 Mojoscripts | 1 Mojopersonals | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoClassified.cgi in MojoPersonals allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-2790 | 1 Mountaingrafix | 1 Easytrade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in MountainGrafix easyTrade 2.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0324 | 1 Bibciter | 1 Bibciter | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php. | |||||
| CVE-2007-6559 | 1 Logaholic | 1 Logaholic | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 allow remote attackers to execute arbitrary SQL commands via (1) the from parameter to index.php or (2) the page parameter to update.php. | |||||
| CVE-2007-4602 | 1 Implied By Design | 1 Micro Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in cms/revert-content.php in Implied by Design Micro CMS (Micro-CMS) 3.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2009-1277 | 1 Gravityboardx | 1 Gravity Board X | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2. | |||||
| CVE-2008-2862 | 1 Elinestudio | 1 Site Composer | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp. | |||||
| CVE-2006-6073 | 1 Enthrallweb | 1 Eshopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter in productdetail.asp or the (2) categoryid parameter in products.asp. | |||||
| CVE-2008-5074 | 1 Php-fusion | 2 Freshlinks Module, Php-fusion | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
| CVE-2008-4369 | 1 Availscript | 1 Availscript Photo Album | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2009-4296 | 2 Brian Miller, Drupal | 2 Taxonomy Timer, Drupal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-2886 | 1 Phpscriptsnow | 1 President Bios | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter. | |||||
| CVE-2008-4364 | 1 Parsagostar | 1 Parsaweb Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | |||||
| CVE-2009-0462 | 1 Clicktech | 1 Clickcart | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in customer_login_check.asp in ClickTech ClickCart 6.0 allow remote attackers to execute arbitrary SQL commands via (1) the txtEmail parameter (aka E-MAIL field) or (2) the txtPassword parameter (aka password field) to customer_login.asp. NOTE: some of these details are obtained from third party information. | |||||