Total
18761 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3131 | 1 Powie | 1 Psys | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter. | |||||
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||||
| CVE-2003-1573 | 1 Sun | 1 J2ee | 2026-04-23 | 10.0 HIGH | N/A |
| The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages." | |||||
| CVE-2007-5974 | 1 Jportal | 1 Jportal Web Portal | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mailer.php in JPortal 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | |||||
| CVE-2008-0089 | 1 Clip-share | 1 Clipshare | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. | |||||
| CVE-2008-1486 | 1 Phorum | 1 Phorum | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. | |||||
| CVE-2008-1459 | 4 Joomla, Joomlaitalia, Mambo and 1 more | 4 Joomla, Com Alberghi, Mambo and 1 more | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2009-3974 | 1 Invisioncommunity | 1 Invision Power Board | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB or IP.Board) 3.0.0, 3.0.1, and 3.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) search_term parameter to admin/applications/core/modules_public/search/search.php and (2) aid parameter to admin/applications/core/modules_public/global/lostpass.php. NOTE: on 20090818, the vendor patched 3.0.2 without changing the version number. | |||||
| CVE-2009-3514 | 1 Marcin Manek | 1 D.net Cms | 2026-04-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php. | |||||
| CVE-2009-2593 | 1 Censura | 1 Censura | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in censura.php in Censura 1.16.04 allows remote attackers to execute arbitrary SQL commands via the itemid parameter in a details action. | |||||
| CVE-2009-3754 | 1 Kreotek | 1 Phpbms | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to modules/bms/invoices_discount_ajax.php, (2) f parameter to dbgraphic.php, and (3) tid parameter in a show action to advancedsearch.php. | |||||
| CVE-2008-6284 | 1 1scripts | 1 Z1exchange | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows remote attackers to execute arbitrary SQL commands via the site parameter. | |||||
| CVE-2008-4570 | 1 Real-estate-scripts | 1 Real-estate-scripts | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Real Estate Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-3672 | 1 Pozscripts | 1 Classified Ads | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in PozScripts Classified Ads allows remote attackers to execute arbitrary SQL commands via the cid parameter, a different vector than CVE-2008-3673. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-0721 | 1 Mambo | 1 Com Sermon | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter. | |||||
| CVE-2008-3355 | 1 Camera Life | 1 Camera Life | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action. | |||||
| CVE-2009-4414 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the passwd parameter to login.php. | |||||
| CVE-2008-0937 | 2 Tinyevent, Xoops | 2 Tinyevent, Tiny Event Module | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811. | |||||
| CVE-2007-5912 | 1 Jportal | 1 Jportal Web Portal | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote attackers to execute arbitrary SQL commands via the to parameter. | |||||
| CVE-2008-6852 | 2 Joomla, Markus Donhauser | 2 Joomla\!, Ice Gallery Component For Joomla | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||