Total
17845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0772 | 2 Joomla, Mambo | 2 Com Doc, Com Doc | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task. | |||||
| CVE-2009-3543 | 1 Phenotype-cms | 1 Phenotype Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name). | |||||
| CVE-2008-7085 | 1 Thehockeystop | 1 Hockeystats Online | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php. | |||||
| CVE-2008-6880 | 1 Easysitenetwork | 1 Jokes Complete Website | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes Website allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0534 | 1 Flexcms | 1 Flexcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter. | |||||
| CVE-2008-5960 | 1 Tribiq | 1 Tribiq Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tribiq CMS Community 5.0.10B and 5.0.11E allows remote attackers to execute arbitrary SQL commands via the cID parameter in a document action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-4598 | 2 Corephp, Joomla | 2 Com Jphoto, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a category action to index.php. | |||||
| CVE-2009-2154 | 1 Sappy.dk | 1 Impleo Music Collection | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/login.php in Impleo Music Collection 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-3378 | 1 Fizzmedia Negativekarma | 1 Fizzmedia | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2008-5578 | 1 Scssboard | 1 Scssboard | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allow remote attackers to execute arbitrary SQL commands via (1) the f parameter in a showforum action, (2) the u parameter in a profile action, (3) the viewcat parameter, or (4) a combination of scb_uid and scb_ident cookie values. | |||||
| CVE-2008-5654 | 1 Myiosoft | 1 Easycalendar | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2926 | 1 Phpcompet.free | 1 Php Competition System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. | |||||
| CVE-2008-6312 | 1 Manzovi | 1 Proquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2007-6666 | 1 Zenphoto | 1 Zenphoto | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 allows remote attackers to execute arbitrary SQL commands via the albumnr parameter. | |||||
| CVE-2007-3705 | 1 Fusetalk | 1 Fusetalk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | |||||
| CVE-2008-1464 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2007-2673 | 1 Censura | 1 Censura | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. | |||||
| CVE-2007-5646 | 1 Simple Machines | 1 Simple Machines Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php. | |||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | |||||
| CVE-2008-4738 | 1 Tufat | 1 Mycard | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||