Total: 17849 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1875 | 1 Terong | 1 Advanced Web Photo Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. | |||||
| CVE-2008-1177 | 1 Affiliate Market | 1 Affiliate Market | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in shop/detail.php in Affiliate Market (affmarket) 0.1 BETA allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2902 | 1 Alstrasoft | 1 Askme Pro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085. | |||||
| CVE-2008-4782 | 1 Aiocp | 1 Aiocp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in public/code/cp_polls_results.php in All In One Control Panel (AIOCP) 1.4 allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||||
| CVE-2008-4156 | 1 Customcms | 1 Gaming Portal | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-3783 | 1 Matterdaddy | 1 Matterdaddy Market | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Matterdaddy Market 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters. | |||||
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | |||||
| CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | |||||
| CVE-2007-6540 | 1 Neuron | 1 News | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. | |||||
| CVE-2008-0776 | 1 Itechscripts | 1 Itechbids | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file. | |||||
| CVE-2008-0942 | 1 Aeries | 1 Aeries Student Information System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk parameter. | |||||
| CVE-2009-2388 | 1 Shalwan | 1 Opial | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2361 | 1 Osticket | 1 Osticket | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter. | |||||
| CVE-2008-3489 | 1 Phpx | 1 Phpx | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie. | |||||
| CVE-2009-2929 | 1 Tgs-cms | 1 Tgs Content Management | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions. | |||||
| CVE-2008-6992 | 1 Greensql | 1 Greensql Firewall | 2025-04-09 | 7.5 HIGH | N/A |
| GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL. | |||||
| CVE-2008-2455 | 1 E107coders | 1 E107 Blog Engine | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
| CVE-2008-4656 | 1 Typo3 | 2 Frontend Users View, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6030 | 1 Netartmedia | 1 Jobs Portal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php. | |||||
