Total: 17828 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3337 | 1 S9y | 1 Serendipity Event Freetag | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry. | |||||
| CVE-2009-1950 | 1 Ahmet Donmez | 1 Webeyes Guest Book | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. | |||||
| CVE-2008-1351 | 1 Xoops | 1 Tutoriais Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php. | |||||
| CVE-2008-6968 | 1 Pligg | 1 Pligg Cms | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters. | |||||
| CVE-2008-3484 | 1 Estoreaff | 1 Estoreaff | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eStoreAff 0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action to index.php. | |||||
| CVE-2008-1540 | 2 Joomla, Mambo | 2 Datsogallery, Datsogallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Datsogallery (com_datsogallery) 1.3.1 module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-0728 | 2 Maxdev, Postnuke | 3 Md-pro, My Egallery, Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the My_eGallery module for MAXdev MDPro (MD-Pro) and Postnuke allows remote attackers to execute arbitrary SQL commands via the pid parameter in a showpic action to index.php. | |||||
| CVE-2008-0785 | 1 Cacti | 1 Cacti | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4) login_username parameter to index.php/login. | |||||
| CVE-2009-0106 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2008-7208 | 1 Insane Visions | 1 Onecms | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php. | |||||
| CVE-2008-2457 | 1 Bitmixsoft | 1 Php-jokesite | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2009-1409 | 1 E107 | 1 E107 | 2025-04-09 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320. | |||||
| CVE-2008-3388 | 1 Easy-script | 1 Def Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. | |||||
| CVE-2008-0133 | 1 Thomas Perez | 1 Tribisur | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to cat_main.php and the (2) cat parameter to forum.php in a liste action. | |||||
| CVE-2008-4469 | 1 Vastal I-tech | 1 Freelance Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_cresume.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the coder_id parameter. | |||||
| CVE-2008-3765 | 1 Discountedscripts | 1 Quick Poll Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in code.php in Quick Poll Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-6342 | 1 David Castro | 1 Apache Authcas | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the David Castro AuthCAS module (AuthCAS.pm) 0.4 for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the SESSION_COOKIE_NAME (session ID) in a cookie. | |||||
| CVE-2007-4966 | 1 Gforge | 1 Gforge | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in www/people/editprofile.php in GForge 4.6b2 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_delete[] parameter. | |||||
| CVE-2008-6907 | 1 2532gigs | 1 2532gigs | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532\|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php. | |||||
| CVE-2009-4393 | 2 Daniel Ptzinger, Typo3 | 2 Danp Documentdirs, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
