Total
17827 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5289 | 1 Scripts4you | 1 Clean Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in full_txt.php in Werner Hilversum Clean CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2642 | 1 Kmrg-itb | 1 Otomigenx | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0468 | 1 Flinx | 1 Flinx | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in Flinx 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0458 | 1 Wholehogsoftware | 1 Ware Support | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Ware Support 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3961 | 1 Jos De Ruijter | 1 Superseriousstats | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4218 | 1 Jiros | 1 Jbsx | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System eXperience (JBSX) allow remote attackers to execute arbitrary SQL commands via the (1) admin or (2) password field, a related issue to CVE-2007-6091. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6282 | 1 Ortus.nirn | 1 Cms Ortus | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php. | |||||
| CVE-2009-2167 | 1 Egyplus | 1 7ammel | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2008-6980 | 1 Phpadultsite | 1 Phpadultsite Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0293 | 1 Wazzum | 1 Wazzum Dating Software | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile_view.php in Wazzum Dating Software, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the userid parameter. | |||||
| CVE-2008-2522 | 1 Haudenschilt | 1 Battlenet Clan Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in members.php in Battle.net Clan Script for PHP 1.5.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showmember parameter in a members action. | |||||
| CVE-2009-0707 | 1 Powerscripts | 1 Powerclan | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in PowerClan 1.14a allows remote attackers to execute arbitrary SQL commands via the loginemail parameter (aka login field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0706 | 3 Joomla, Mambo, Simple-review | 3 Joomla, Mambo, Com Simple Review | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Review (com_simple_review) component 1.3.5 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php. | |||||
| CVE-2009-0373 | 2 Elearningforce, Joomla | 2 Flash Magazine Deluxe, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ElearningForce Flash Magazine Deluxe (com_flashmagazinedeluxe) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mag_id parameter in a magazine action to index.php. | |||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | |||||
| CVE-2008-6582 | 1 Miniweb2 | 1 Miniweb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||||
| CVE-2008-2175 | 1 Gamma Scripts | 1 Blogme Php | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in Gamma Scripts BlogMe PHP 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | |||||
| CVE-2008-0827 | 1 Phpnuke | 1 Book | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-2562 | 1 Powerphlogger | 1 Powerphlogger | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action. | |||||