Total
16215 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0922 | 1 Php-nuke | 1 Manuales | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewdownload action to modules.php. | |||||
| CVE-2008-4348 | 1 Outshine | 1 Phportfolio | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1464 | 1 Gallarific | 1 Gallarific | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2009-3644 | 2 Joomla, Soundset | 2 Joomla\!, Com Soundset | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Soundset (com_soundset) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to index.php. | |||||
| CVE-2008-6323 | 1 Cfmsource | 1 Cf Auction | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-1608 | 1 Clever Copy | 1 Clever Copy | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. | |||||
| CVE-2009-3758 | 1 Citrix | 1 Xencenterweb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6454 | 1 6rbscript | 1 6rbscript | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in section.php in 6rbScript 3.3 allows remote attackers to execute arbitrary SQL commands via the singerid parameter in a singers action. | |||||
| CVE-2008-3888 | 1 Aspindir | 1 Mini Nuke Freehost | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | |||||
| CVE-2007-6667 | 1 Myphp | 1 Myphp Forum | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the member.php vector is already covered by CVE-2005-0413. | |||||
| CVE-2007-6091 | 1 Jiro | 1 Banner System | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in files/login.asp in JiRo's Banner System (JBS) 2.0, and possibly JiRo's Upload Manager (aka JiRo's Upload System or JUS), allow remote attackers to execute arbitrary SQL commands via the (1) Username (aka Login or Email) or (2) Password field. | |||||
| CVE-2009-0279 | 1 Pardalcms | 1 Pardalcms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6146 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a delete##### parameter in a Delete action, a different vector than CVE-2005-2989. | |||||
| CVE-2007-3119 | 1 Kartli Alisveris Sistemi | 1 Kartli Alisveris Sistemi | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
| CVE-2007-6622 | 1 Zeuscms | 1 Zeuscms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. | |||||
| CVE-2008-5631 | 1 Activewebsoftwares | 1 Active Ewebquiz | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-1918 | 1 Php-fusion | 1 Php-fusion | 2025-04-09 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. | |||||
| CVE-2008-1646 | 2 Arnos Toolbox, Wordpress | 2 Wp-download, Wp Download | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-download.php in the WP-Download 1.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the dl_id parameter. | |||||
| CVE-2008-4373 | 1 Availscript | 1 Availscript Jobs Portal Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in job_seeker/applynow.php in AvailScript Job Portal Script allows remote attackers to execute arbitrary SQL commands via the jid parameter. | |||||
| CVE-2008-1591 | 1 Postnuke | 1 Postnuke | 2025-04-09 | 7.5 HIGH | N/A |
| The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magic_quotes_runtime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENT_IP HTTP header (HTTP_CLIENT_IP variable). | |||||