Total
17845 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2380 | 1 Courier-mta | 1 Courtier-authlib | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes. | |||||
| CVE-2008-3787 | 1 Nullscripts | 1 Web Directory Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listing_view.php in Web Directory Script 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-6337 | 2 Joomla, Joomlaapps | 2 Joomla, Com Volunteer | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Volunteer Management System (com_volunteer) module 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the job_id parameter in a jobshow action to index.php. | |||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
| CVE-2009-1584 | 1 R020 | 1 Tematres | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php. | |||||
| CVE-2008-2746 | 1 Gryphon | 1 Gllcts2 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 allows remote attackers to execute arbitrary SQL commands via the detail parameter. | |||||
| CVE-2008-2521 | 1 Yabsoft | 1 Mega File Hosting Script | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter. | |||||
| CVE-2007-6556 | 1 Websihirbazi | 1 Websihirbazi | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to default.asp in a news page action or (2) the pageid parameter to default.asp. | |||||
| CVE-2008-6020 | 1 Drupal | 2 Drupal, Views | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields." | |||||
| CVE-2009-1509 | 1 Myiosoft | 1 Ajaxportal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2007-5261 | 1 Iscripts | 1 Multicart | 2025-04-09 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php. | |||||
| CVE-2009-0431 | 1 Codefixer | 1 Linkspro | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Default.asp in LinksPro Standard Edition allows remote attackers to execute arbitrary SQL commands via the OrderDirection parameter. | |||||
| CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
| CVE-2008-2897 | 1 Pagesquid | 1 Pagesquid Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-6812 | 1 Surat Kabar | 1 Phpwebnews | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the det parameter. | |||||
| CVE-2008-5488 | 1 E-topbiz | 1 Domain Shop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 allows remote attackers to execute arbitrary SQL commands via the passfromform parameter. | |||||
| CVE-2009-1952 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | |||||
| CVE-2008-6678 | 1 Quickersite | 1 Quickersite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in asp/includes/contact.asp in QuickerSite 1.8.5 allows remote attackers to execute arbitrary SQL commands via the sNickName parameter in a profile action to default.asp. | |||||
| CVE-2008-2067 | 1 Minibb | 1 Minibb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows remote attackers to execute arbitrary SQL commands via the whatus parameter in a searchusers2 action. NOTE: it was later reported that other versions before 3.0.1 are also vulnerable. | |||||
| CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||||