Total
17827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1613 | 1 Gowondesigns | 1 Leap | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter. | |||||
| CVE-2008-4148 | 1 Drupal | 1 Mailhandler | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. | |||||
| CVE-2007-6543 | 1 Esyndicat | 1 Esyndicat Link Exchange | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2105 | 1 Kasper Skrhj | 1 References Database | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the References database (t3references) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-3357 | 2 Joomla, Joomlahbs | 2 Joomla, Com Hbssearch | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875. | |||||
| CVE-2008-5865 | 2 Joomla, Joomlahbs | 2 Joomla, Hotel Booking Reservation System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php. | |||||
| CVE-2009-0883 | 1 Amunak | 1 Blue Eye Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the BlueEyeCMS_login cookie parameter. | |||||
| CVE-2007-5836 | 1 Afcommerce | 1 Afcommerce | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-1506 | 1 Intelliants | 1 Elitius | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php. | |||||
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | |||||
| CVE-2008-2337 | 1 Imgallery | 1 Imgallery | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in IMGallery 2.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kategoria parameter to (a) galeria.php and the (2) id_phot parameter to (b) popup/koment.php and (c) popup/opis.php in, different vectors than CVE-2006-3163. | |||||
| CVE-2008-6272 | 1 Miticdjd | 1 Apoll | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll 0.7 beta and 0.7.5 allows remote attackers to execute arbitrary SQL command via the pass parameter. | |||||
| CVE-2009-1256 | 1 Flexcms | 1 Flexcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-3204 | 1 E-topbiz | 1 Million Pixels | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels 3 allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
| CVE-2008-3063 | 1 V-webmail | 1 V-webmail | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in V-webmail 1.5.0 might allow remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-0752 | 2 Joomla, Mambo | 2 Com Neogallery, Com Neogallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Neogallery (com_neogallery) 1.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a show action. | |||||
| CVE-2007-0520 | 1 Unique Ads | 1 Unique Ads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x allows remote attackers to execute arbitrary SQL commands via the bid parameter. | |||||
| CVE-2008-6266 | 1 Appstate | 1 Phpwebsite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. | |||||
| CVE-2008-2870 | 1 Sharecms | 1 Sharecms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow remote attackers to execute arbitrary SQL commands via the (1) eventID parameter to event_info.php and the (2) userID parameter to list_user.php. | |||||
| CVE-2008-4700 | 1 Liberiacms | 1 Liberia Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in Libera CMS 1.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the libera_staff_pass cookie parameter. | |||||