Total
16047 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1218 | 1 Freelancerkit | 1 Freelancerkit | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components. | |||||
| CVE-2010-0981 | 2 Joomla, Templateplazza | 2 Joomla\!, Com Tpjobs | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the TPJobs (com_tpjobs) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id_c[] parameter in a resadvsearch action to index.php. | |||||
| CVE-2012-5312 | 1 Tribiq | 1 Tribiq Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Tribiq CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2012-5334 | 1 Preprojects | 1 Pre Printing Press | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_desc.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2010-1743 | 1 Satyadeep | 1 Scratcher | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in projects.php in Scratcher allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-0672 | 1 Webmastersite | 1 Wsn Guest | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter. | |||||
| CVE-2013-0135 | 1 Chatelao | 1 Php Address Book | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) addressbook/register/delete_user.php, (2) addressbook/register/edit_user.php, or (3) addressbook/register/edit_user_save.php; the email parameter to (4) addressbook/register/edit_user_save.php, (5) addressbook/register/reset_password.php, (6) addressbook/register/reset_password_save.php, or (7) addressbook/register/user_add_save.php; the username parameter to (8) addressbook/register/checklogin.php or (9) addressbook/register/reset_password_save.php; the (10) lastname, (11) firstname, (12) phone, (13) permissions, or (14) notes parameter to addressbook/register/edit_user_save.php; the (15) q parameter to addressbook/register/admin_index.php; the (16) site parameter to addressbook/register/linktick.php; the (17) password parameter to addressbook/register/reset_password.php; the (18) password_hint parameter to addressbook/register/reset_password_save.php; the (19) var parameter to addressbook/register/traffic.php; or a (20) BasicLogin cookie to addressbook/register/router.php. | |||||
| CVE-2009-4936 | 1 Spirate | 1 Small Pirate | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php. | |||||
| CVE-2012-2762 | 1 S9y | 1 Serendipity | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | |||||
| CVE-2012-6273 | 1 Bigantsoft | 1 Bigant Im Message Server | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BigAntSoft BigAnt IM Message Server allows remote attackers to execute arbitrary SQL commands via an SHU (aka search user) request. | |||||
| CVE-2011-4559 | 1 Vtiger | 1 Vtiger Crm | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. | |||||
| CVE-2010-2516 | 1 2daybiz | 1 Multi Level Marketing Software | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in 2daybiz Multi Level Marketing (MLM) Software allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) index.php and (2) admin/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7267 | 1 Boka | 1 Siteengine | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2010-1341 | 1 Systemsoftware | 1 Community Black Forum | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Systemsoftware Community Black Forum allows remote attackers to execute arbitrary SQL commands via the s_flaeche parameter. | |||||
| CVE-2010-5001 | 1 Esoftpro | 1 Online Contact Manager | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-4865 | 1 I-escorts | 2 I-escorts Agency Script, I-escorts Directory Script | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2013-3537 | 1 Wesley Destailleur | 1 Todoo Forum | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter. | |||||
| CVE-2010-2614 | 1 Grafik-power | 1 Grafik Cms | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action. | |||||
| CVE-2010-1109 | 1 Djayp | 1 Phpmysport | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action. | |||||
| CVE-2010-4959 | 1 Preproject | 1 Pre Podcast Portal | 2025-04-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login feature in Pre Projects Pre Podcast Portal allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||