Total
17830 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6327 | 1 Manzovi | 1 Proquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter, a different vector than CVE-2008-6312. | |||||
| CVE-2008-6484 | 1 Mole-group | 1 Taxi Calc Dist Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Mole Group Taxi Map Script (aka Taxi Calc Dist Script) allows remote attackers to execute arbitrary SQL commands via the user field. | |||||
| CVE-2009-1778 | 1 Bigace | 1 Bigace Cms | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5974 | 1 Activewebsoftwares | 1 Active Price Comparison | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. | |||||
| CVE-2007-5678 | 1 Phpbasic | 1 Phpbasic | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. | |||||
| CVE-2008-2996 | 1 Gravityboardx | 1 Gravity Board X | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in Gravity Board X (GBX) 2.0 Beta, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchquery parameter in a getsearch action, and the (2) board_id parameter in a viewboard action. | |||||
| CVE-2006-7138 | 1 Oracle | 1 Apex | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. | |||||
| CVE-2008-7049 | 1 Natterchat | 1 Natterchat | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206. | |||||
| CVE-2009-1851 | 1 Benjamin Curtis | 1 Phpbugtracker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2007-6217 | 1 Irola | 1 My-time | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.asp in Irola My-Time (aka Timesheet) 3.5 allow remote attackers to execute arbitrary SQL commands via the (1) login (aka Username) and (2) password parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-2142 | 1 Zipstore | 1 Zip Store Chat | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters. | |||||
| CVE-2009-1850 | 1 Benjamin Curtis | 1 Phpbugtracker | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-0447 | 1 Foojan | 1 Php Weblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | |||||
| CVE-2009-3116 | 1 Uiga | 1 Church Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action. | |||||
| CVE-2008-4186 | 1 Webcms | 1 Webcms Portal Edition | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id_doc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0882 | 1 Roman Bogorodskiy | 1 Nforum | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in nForum 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to showtheme.php and the (2) user parameter to userinfo.php. | |||||
| CVE-2008-6989 | 1 Ezphotogallery | 1 Ezphotogallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2006-7025 | 1 Sangwan Kim | 1 Bookmark4u | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL command via the sqlcmd parameter. | |||||
| CVE-2009-2601 | 2 Joomla, Joomlaequipment | 2 Joomla\!, Juser | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php. | |||||