Total: 17822 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | |||||
| CVE-2009-4566 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows remote attackers to execute arbitrary SQL commands via the title parameter in a news action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3603 | 1 Vacation Rentals | 1 Vacation Rental Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action. | |||||
| CVE-2008-2492 | 1 Badongo | 1 Campus Bulletin Board | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp. | |||||
| CVE-2009-3310 | 1 Shalwan | 1 Zainu | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zainu 1.0 allows remote attackers to execute arbitrary SQL commands via the album_id parameter in an AlbumSongs action. | |||||
| CVE-2008-0801 | 3 Joomla, Mambo-foundation, Paxxgallery | 3 Joomla!, Mambo, Com Paxxgallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the PAXXGallery (com_paxxgallery) 0.2 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via (1) the iid parameter in a view action, and possibly (2) the userid parameter. | |||||
| CVE-2009-4474 | 2 Mambo-foundation, Mikedeboer | 2 Mambo, Com Zoom | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2009-0281 | 1 Warhound | 1 Walking Club | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2008-3245 | 1 Cable-modems | 1 Phphoo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, 4.4.8, and 5.2.6 allows remote attackers to execute arbitrary SQL commands via the viewCat parameter. | |||||
| CVE-2008-5191 | 1 Seportal | 1 Seportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php. | |||||
| CVE-2007-0695 | 1 Free Lan Intra Internet Portal | 1 Free Lan Intra Internet Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net Portal (FLIP) before 1.0-RC3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some sources mention the escape_sqlData, implode_sql, and implode_sqlIn functions, but these are protection schemes, not the vulnerable functions. | |||||
| CVE-2008-0770 | 1 Ibproarcade | 1 Ibproarcade | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter. | |||||
| CVE-2009-4059 | 2 .joomclan, Joomla | 2 Com Joomclip, Joomla! | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the JoomClip (com_joomclip) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a thumbs action to index.php. | |||||
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2025-04-09 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | |||||
| CVE-2009-1410 | 1 Opensolution | 1 Quick.cms.lite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6837 | 1 Zoph | 1 Zoph | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5267 | 1 Experts | 1 Experts | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | |||||
| CVE-2008-5170 | 1 Easysitenetwork | 1 Cheats Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2008-0850 | 1 Dokeos | 1 Dokeos | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php. | |||||
| CVE-2008-6007 | 1 Quidascript | 1 Bookmarks Favourites Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_group.php in QuidaScript BookMarks Favourites Script (APB) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
