Total
16216 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4716 | 1 Scriptdemo | 1 Php-lance | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2008-1305 | 2 Chieminger, Phpbb | 2 Filebase Module, Phpbb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in filebase.php in the Filebase mod for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2921 | 1 Mocdesigns | 1 Php News | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). | |||||
| CVE-2009-0332 | 1 Avbooklibrary | 1 Avbooklibrary | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AV Book Library before 1.1 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) admin/edit.php, (2) admin/add.php, (3) lib/book_search.php, and possibly other components. | |||||
| CVE-2007-2898 | 1 2z Project | 1 2z Project | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php. | |||||
| CVE-2008-2191 | 1 Postnuke Software Foundation | 1 Pnencyclopedia | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and earlier for PostNuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a display_term action to index.php. | |||||
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. | |||||
| CVE-2009-4560 | 1 Worms-league | 1 Webleague | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-4043 | 1 Aj Square | 1 Aj Hyip | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php. | |||||
| CVE-2009-4166 | 2 Michal Hadr, Typo3 | 2 Mchtrips, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-6648 | 1 Ktools | 1 Photostore | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 and 3.5.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter to about_us.php. NOTE: this might be the same issue as CVE-2008-6647. | |||||
| CVE-2008-0449 | 1 Rocksalt International | 1 Vp Asp | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping Cart 6.50 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-3951 | 1 Vastal | 1 Agent Zone | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the ann_id parameter. | |||||
| CVE-2008-6460 | 2 Mirko Werner, Typo3 | 2 Mw Random Objects, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Simple Random Objects (mw_random_objects) extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-3267 | 1 Mojoscripts | 1 Mojojobs | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. | |||||
| CVE-2008-5767 | 1 Gazatem | 1 Gnews Publisher | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in authors.asp in gNews Publisher allows remote attackers to execute arbitrary SQL commands via the authorID parameter. | |||||
| CVE-2008-4092 | 1 Myphpnuke | 1 Myphpnuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | |||||
| CVE-2008-0939 | 1 Wordpress | 1 Photo Album Plugin | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-0965 | 1 Ismail Fahmi | 1 Ganesha Digital Library | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in functions/browse.php in Ganesha Digital Library (GDL) 4.0 and 4.2 allows remote attackers to execute arbitrary SQL commands via the node parameter in a browse action to gdl.php. | |||||
| CVE-2009-4477 | 1 Xstate | 1 Real Estate | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.html in Xstate Real Estate 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||