Total
18768 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-1874 | 1 Xpoze | 1 Xpoze Pro | 2026-04-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter. | |||||
| CVE-2008-0422 | 1 Boastmachine | 1 Boastmachine | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mail.php in boastMachine (aka bMachine) 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4369 | 1 Availscript | 1 Availscript Photo Album | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pics.php in Availscript Photo Album allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2008-5777 | 1 Cadenix | 1 Cadenix | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CadeNix allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5892 | 1 Icash | 1 Click\&email | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-2819 | 1 Blognplus | 1 Blognplus | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and earlier MySQL and PostgreSQL editions allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-2767 | 1 Xigla | 1 Absolute Poll Manager Xe | 2026-04-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Xigla Poll Manager XE allows remote authenticated users with administrator role privileges to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2008-0447 | 1 Foojan | 1 Php Weblog | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 allows remote attackers to execute arbitrary SQL commands via the story parameter. | |||||
| CVE-2009-2311 | 2 Selbstzweck, Woltlab | 2 Rgallery Plugin, Burning Board | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627. | |||||
| CVE-2008-6365 | 1 Adserversolutions | 1 Ad Management Software | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6030 | 1 Netartmedia | 1 Jobs Portal | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 allow remote attackers to execute arbitrary SQL commands via (1) the job parameter to index.php in the search module or (2) the news_id parameter to index.php. | |||||
| CVE-2008-2429 | 1 Calendarix | 1 Basic | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Calendarix Basic 0.8.20071118 allow remote attackers to execute arbitrary SQL commands via (1) the catsearch parameter to cal_search.php or (2) the catview parameter to cal_cat.php. NOTE: vector 1 might overlap CVE-2007-3183.3, and vector 2 might overlap CVE-2005-1865.2. | |||||
| CVE-2008-4706 | 1 Vbulletin | 1 Vbgooglemap | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a vBulletin module, allows remote attackers to execute arbitrary SQL commands via the mapid parameter in a showdetails action to (1) vbgooglemaphse.php and (2) mapa.php. | |||||
| CVE-2008-2560 | 1 Fourtwosevenbb | 1 427bb | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows remote attackers to execute arbitrary SQL commands via the post parameter. | |||||
| CVE-2008-5888 | 1 Icash | 1 Click\&rank | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3063 | 2 Indianpulses, Joomla | 2 Com Gameserver, Joomla | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Game Server (com_gameserver) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a gamepanel action to index.php. | |||||
| CVE-2008-6456 | 2 Martin Helmich, Typo3 | 2 Hbook, Typo3 | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2009-0531 | 1 Ontarioabandonedplaces | 1 A Better Member-based Asp Photo Gallery | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2008-4203 | 1 Czaries | 1 Czarnews | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in cn_users.php in CzarNews 1.20 and earlier allows remote attackers to execute arbitrary SQL commands via a recook cookie. | |||||
| CVE-2009-4058 | 1 Telebidauctionscript | 1 Telebid Auction Script | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter. | |||||