Total
17829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6344 | 1 Typo3 | 2 Tu-clausthal Staff, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) 0.3.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6488 | 1 Softcomplex | 1 Php Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action. | |||||
| CVE-2009-1362 | 1 Chcounter | 1 Chcounter | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6352 | 1 Xpoze | 1 Xpoze Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows remote attackers to execute arbitrary SQL commands via the menu parameter. | |||||
| CVE-2007-6163 | 1 Gouae | 1 Dwd Realty | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3319 | 1 Dimofinf | 1 Dawaween | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. | |||||
| CVE-2009-2179 | 1 W2b | 1 Phpdatingclub | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in phpDatingClub 3.7 allows remote attackers to execute arbitrary SQL commands via the sform[day] parameter. | |||||
| CVE-2008-6019 | 1 Do-cms | 1 Do-cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6109 | 1 Candypress | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. | |||||
| CVE-2009-2103 | 2 Steve Grundell, Typo3 | 2 Frontend Mp3 Player, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | |||||
| CVE-2008-2632 | 1 Joomla | 2 Com Acctexp, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the acctexp (com_acctexp) component 0.12.x and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the usage parameter in a subscribe action to index.php. | |||||
| CVE-2008-3701 | 1 Kayako | 1 Supportsuite | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action. | |||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | |||||
| CVE-2008-6277 | 1 Rakhisoftware | 1 Rakhisoftware Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allows remote attackers to execute arbitrary SQL commands via the subcategory_id parameter. | |||||
| CVE-2008-1715 | 1 Auracms | 1 Auracms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter. | |||||
| CVE-2009-0740 | 1 Frankmancuso | 1 Bluebird | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters. | |||||
| CVE-2007-4778 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the content component (com_content) in Joomla! 1.5 Beta1, Beta2, and RC1 allow remote attackers to execute arbitrary SQL commands via the filter parameter in an archive action to (1) archive.php, (2) category.php, or (3) section.php in models/. NOTE: this may be the same as CVE-2007-4777. | |||||
| CVE-2008-2381 | 1 Gforge | 1 Gforge | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable. | |||||
| CVE-2009-4163 | 2 Tw Productfinder, Typo3 | 2 Tw Productfinder, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||