Total
18745 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6509 | 1 Igniterealtime | 1 Openfire | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp. | |||||
| CVE-2008-6017 | 1 I-rater | 1 I-rater Basic | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in I-Rater Basic allows remote attackers to execute arbitrary SQL commands via the idp parameter. | |||||
| CVE-2008-4991 | 1 Ec-cube | 1 Ec-cube | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and earlier, 1.4.7 and earlier, and 1.5.0-beta2 and earlier; and Community Edition 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the parameter. | |||||
| CVE-2008-0734 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php. | |||||
| CVE-2008-1313 | 1 Bill Roberts | 1 Bloo | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors. | |||||
| CVE-2007-5998 | 1 Softbizscripts | 1 Ad Management Plus Script | 2026-04-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in ads.php in Softbiz Ad Management plus Script 1 allows remote authenticated users to execute arbitrary SQL commands via the package parameter. | |||||
| CVE-2008-5877 | 1 Phpclanwebsite | 1 Phpclanwebsite | 2026-04-23 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444. | |||||
| CVE-2008-3599 | 1 Openimpro | 1 Openimpro | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in OpenImpro 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0773 | 3 Joomla, Mambo, Phil Taylor | 4 Com Comments, Com Comments, Comments and 1 more | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-3913 | 1 Xerox | 1 Fiery Webtools | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in summary.php in Xerox Fiery Webtools allows remote attackers to execute arbitrary SQL commands via the select parameter. | |||||
| CVE-2009-1650 | 1 Tenfourzero | 1 Shutter | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. | |||||
| CVE-2008-1077 | 1 Mamboportal.com | 1 Simpleboard | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Simpleboard (com_simpleboard) 1.0.3 Stable component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action. | |||||
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
| CVE-2008-6264 | 1 E-topbiz | 1 Slide Popups | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in E-topbiz Slide Popups 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2008-3307 | 1 Youtube Blog | 1 Youtube Blog | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in todos.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-3306. | |||||
| CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | |||||
| CVE-2008-3944 | 1 Discountedscripts | 1 Acg Ptp | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. | |||||
| CVE-2009-4396 | 2 Fr.simon Rundell, Typo3 | 2 Pd Resources, Typo3 | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Diocese of Portsmouth Resources Database (pd_resources) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3711 | 1 Phparcadescript | 1 Phparcadescript | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHPArcadeScript (PHP Arcade Script) 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter in a browse action. | |||||
| CVE-2008-2277 | 1 Cmsnx | 1 Feedback And Rating Script | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in detail.php in Feedback and Rating Script 1.0 allows remote attackers to execute arbitrary SQL commands via the listingid parameter. | |||||