Total
17809 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1641 | 1 Efestech | 1 Video | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. | |||||
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-5781 | 1 Cfagcms | 1 Cfagcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in right.php in Cant Find A Gaming CMS (CFAGCMS) 1.0 Beta 1 allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2008-1957 | 1 Easyscripts | 1 Tr Script News | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode. | |||||
| CVE-2008-2277 | 1 Cmsnx | 1 Feedback And Rating Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||
| CVE-2008-5655 | 1 Myiosoft | 1 Easybookmarker | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-2123 | 1 Elvinbts | 1 Elvinbts | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php. NOTE: it was later reported that vector 3c also affects 1.2.2. | |||||
| CVE-2007-6602 | 1 Noserub | 1 Noserub | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in app/models/identity.php in NoseRub 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the username field to the login script. | |||||
| CVE-2007-6566 | 1 Xzero Scripts | 1 Xzero Community Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in XZero Community Classifieds 4.95.11 and earlier allows remote attackers to execute arbitrary SQL commands via the subcatid parameter to index.php. | |||||
| CVE-2008-1465 | 3 Detodas, Joomla, Mambo-foundation | 3 Com Restaurante, Joomla\!, Mambo | 2025-04-09 | 9.3 HIGH | N/A |
| SQL injection vulnerability in the Detodas Restaurante (com_restaurante) 1.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php, a different product than CVE-2008-0562. | |||||
| CVE-2008-4531 | 1 Drupal | 1 Brilliant Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to queries. NOTE: this might be the same issue as CVE-2008-4338. | |||||
| CVE-2007-1548 | 1 Webwizguide | 1 Web Wiz Forums | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into \'', as demonstrated via the name parameter to forum/pop_up_member_search.asp. | |||||
| CVE-2007-6380 | 1 E-xoops | 1 E-xoops | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and 1.05 Rev 1 through 3, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to (a) mylinks/ratelink.php, (b) adresses/ratefile.php, (c) mydownloads/ratefile.php, (d) mysections/ratefile.php, and (e) myalbum/ratephoto.php in modules/; the (2) bid parameter to (f) modules/banners/click.php; and the (3) gid parameter to (g) modules/arcade/index.php in a show_stats and play_game action, related issues to CVE-2007-5104 and CVE-2007-6266. | |||||
| CVE-2008-1872 | 1 Comdev | 1 Comdev News Publisher | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3804 | 1 Runcms | 1 Runcms | 2025-04-09 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. | |||||
| CVE-2008-2853 | 1 Easy Webstore | 1 Easy Webstore | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | |||||
| CVE-2009-0825 | 1 Torben Sorensen | 1 Tinx\/cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4342 | 2 Melvin Mach, Typo3 | 2 Jobexchange, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Job Exchange (jobexchange) extension 0.0.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2009-2553 | 1 Supersimple | 1 Super Simple Blog Script | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2022-41703 | 1 Apache | 1 Superset | 2025-04-08 | N/A | 5.4 MEDIUM |
| A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0. | |||||