Total
18800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3973 | 1 Turnkeyarcade | 1 Turnkey Arcade Script | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629. | |||||
| CVE-2007-1469 | 1 Xigla | 1 Absolute Image Gallery Xe | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.asp in Absolute Image Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the categoryid parameter in a viewimage action. | |||||
| CVE-2008-6322 | 1 Cfmsource | 1 Cfmblog | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2007-1250 | 1 Angel Learning | 1 Learning Management Suite | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in section/default.asp in ANGEL Learning Management Suite (LMS) 7.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-2670 | 1 Insanelysimple2 | 1 Isblog | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Insanely Simple Blog 0.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter, or (2) the term parameter in a search action. NOTE: the current_subsection parameter is already covered by CVE-2007-3889. | |||||
| CVE-2008-3251 | 1 Tpl Design | 1 Tplsoccersite | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the opp parameter to tampereunited/opponent.php; or the id parameter to (2) index.php, (3) player.php, (4) matchdetails.php, or (5) additionalpage.php in tampereunited/. | |||||
| CVE-2008-2850 | 1 Drupal | 1 Trailscout Module | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API. | |||||
| CVE-2008-3383 | 1 Mojoscripts | 1 Mojoauto | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. | |||||
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. | |||||
| CVE-2008-2676 | 1 Joomla | 2 Com News Portal, Joomla | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the iJoomla News Portal (com_news_portal) component 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. | |||||
| CVE-2008-1513 | 1 Danneo | 1 Cms | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header. | |||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | |||||
| CVE-2008-2652 | 1 Smeweb | 1 Smeweb | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters. | |||||
| CVE-2008-2918 | 1 Application Dynamics | 1 Cartweaver | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in details.php in Application Dynamics Cartweaver 3.0 allows remote attackers to execute arbitrary SQL commands via the prodId parameter, possibly a related issue to CVE-2006-2046.3. | |||||
| CVE-2007-6138 | 1 Vu | 1 Mass Mailer | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir.asp in VU Mass Mailer allows remote attackers to execute arbitrary SQL commands via the password parameter to Default.asp (aka the Login Page). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2026-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use | |||||
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2008-1732 | 1 Predictionfootball | 1 Predictionfootball | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. | |||||
| CVE-2008-3682 | 1 Ypninc | 1 Php Realty | 2026-04-23 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter. | |||||
| CVE-2009-4428 | 2 Joomla, Joomplace | 2 Joomla, Com Joomportfolio | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) component 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the secid parameter in a showcat action to index.php. | |||||