Total
18798 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6180 | 1 Newlife Blogger | 1 Newlife Blogger | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. | |||||
| CVE-2008-2336 | 1 68 Classifieds | 1 68 Classifieds | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2007-4808 | 1 Tlm Cms | 1 Tlm Cms | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1. | |||||
| CVE-2008-6260 | 1 Ultrastats | 1 Ultrastats | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter. | |||||
| CVE-2009-3439 | 1 Alienvault | 1 Ossim | 2026-04-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Open Source Security Information Management (OSSIM) before 2.1.2 allow remote authenticated users to execute arbitrary SQL commands via the id_document parameter to (1) repository_document.php, (2) repository_links.php, and (3) repository_editdocument.php in repository/; the (4) group parameter to policy/getpolicy.php; the name parameter to (5) host/newhostgroupform.php and (6) net/modifynetform.php; and unspecified other vectors related to the policy menu. | |||||
| CVE-2008-6381 | 1 Bcoos | 1 Bcoos | 2026-04-23 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-2897 | 1 Pagesquid | 1 Pagesquid Cms | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-4039 | 1 Spice Classifieds | 1 Spice Classifieds | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Spice Classifieds allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. | |||||
| CVE-2008-6015 | 1 Editeurscripts | 1 Esfaq | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) keywords and (2) cat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-4656 | 1 Typo3 | 2 Frontend Users View, Typo3 | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Frontend Users View (feusersview) 0.1.6 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6188 | 1 Gforge | 1 Gforge | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in people/editprofile.php in Gforge 4.6 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the skill_edit[] parameter. | |||||
| CVE-2008-1791 | 1 Mygamingladder | 1 Mygamingladder | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter. | |||||
| CVE-2008-6332 | 1 Simplecustomer | 1 Simple Customer | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Simple Customer 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2007-5187 | 1 Php-fusion | 1 Expanded Calendar Module | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | |||||
| CVE-2008-4904 | 1 Typosphere | 1 Typo | 2026-04-23 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter. | |||||
| CVE-2008-6111 | 1 Netart Media | 1 Vlog System | 2026-04-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter. | |||||
| CVE-2007-1573 | 1 Jelsoft | 1 Vbulletin | 2026-04-23 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in admincp/attachment.php in Jelsoft vBulletin 3.6.5 allows remote authenticated administrators to execute arbitrary SQL commands via the "Attached Before" field. | |||||
| CVE-2009-3327 | 1 Webilix | 1 Wx-guestbook | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-2230 | 1 Broadcom | 1 Cleverpath Portal | 2026-04-23 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in CA Clever Path Portal allows remote authenticated users to execute limited SQL commands and retrieve arbitrary database contents via (1) the ofinterest parameter in a light search query, (2) description parameter in the advanced search query, and possibly other vectors. | |||||
| CVE-2008-3129 | 1 Catviz | 1 Catviz | 2026-04-23 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form. | |||||