Total
17829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0719 | 1 Oscommerce | 2 Customer Testimonials, Oscommerce | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter. | |||||
| CVE-2007-4984 | 2 Ktauber, Phpbb | 2 Stylesdemo, Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. | |||||
| CVE-2008-6438 | 2 E107, E107coders | 2 E107, Macguru Blog Engine Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected. | |||||
| CVE-2008-5491 | 1 Slimcms | 1 Slimcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pageID parameter. | |||||
| CVE-2008-6725 | 1 Cmscout | 1 Cmscout | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php. | |||||
| CVE-2008-2815 | 1 Mymarket | 1 Mymarket | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4736 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2009-2269 | 1 Phome Empire | 1 Phome Empire Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/. | |||||
| CVE-2008-2429 | 1 Calendarix | 1 Basic | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2. | |||||
| CVE-2008-1919 | 1 Yourfreeworld | 1 Apartment Search Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listtest.php in YourFreeWorld Apartment Search Script allows remote attackers to execute arbitrary SQL commands via the r parameter. | |||||
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. | |||||
| CVE-2009-1751 | 1 Realtywebware | 1 Realty Web-base | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in list_list.php in Realty Webware Technologies Web-Base 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3387 | 1 Phpfootball | 1 Phpfootball | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. | |||||
| CVE-2008-0142 | 1 Webportal | 1 Webportal Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. | |||||
| CVE-2008-6573 | 1 Avaya | 1 Communication Manager | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server. | |||||
| CVE-2008-3768 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. | |||||
| CVE-2009-3595 | 1 Vspanel | 1 Vs Panel | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590. | |||||
| CVE-2009-0339 | 1 Dmxready | 1 Blog Manager | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. | |||||
| CVE-2007-5452 | 1 Php-stats | 1 Php-stats | 2025-04-09 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter. | |||||
| CVE-2008-1509 | 1 Xlportal | 1 Xlportal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||