Total: 16228 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-0582 | 1 Chernobile | 1 Chernobile | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows remote attackers to execute arbitrary SQL commands via the User (username) field. | |||||
CVE-2009-2428 | 1 Tauschregal.de | 1 Tausch Ticket Script | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow remote attackers to execute arbitrary SQL commands via the (1) userid parameter to suchauftraege_user.php and the (2) descr parameter to vote.php; and other unspecified vectors. | |||||
CVE-2009-2786 | 2 Punbb, Reputation | 2 Punbb, Reputation | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter. | |||||
CVE-2008-6696 | 2 Manu Oehler, Typo3 | 2 Toto, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
CVE-2009-3330 | 1 Cpecreator | 1 Cp Creator | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action. | |||||
CVE-2008-4093 | 1 Yourownbux | 1 Yourownbux | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
CVE-2007-0527 | 1 Website Baker | 1 Website Baker | 2025-04-09 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the is_remembered function in class.login.php in Website Baker 2.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the REMEMBER_KEY cookie parameter. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-0920 | 1 Open Source Security Information Management | 1 Os-sim | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression. | |||||
CVE-2007-5976 | 1 Phpmyadmin | 1 Phpmyadmin | 2025-04-09 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to execute arbitrary SQL commands via the db parameter. | |||||
CVE-2008-6663 | 1 Phpauctions | 1 Phpauctions | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106. | |||||
CVE-2008-0543 | 1 Pre Projects | 1 Pre Dynamic Institution | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Pre Dynamic Institution allow remote attackers to execute arbitrary SQL commands via the (1) sloginid and (2) spass parameters to (a) login.asp and (b) siteadmin/login.asp. NOTE: some of these details are obtained from third party information. | |||||
CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
CVE-2008-6328 | 1 Butterflymedia | 1 Butterfly Organizer | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 and 2.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-3417 | 1 Fipsasp | 1 Fipscms Light | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the r parameter, a different vector than CVE-2006-6115 and CVE-2007-2561. | |||||
CVE-2009-2788 | 1 Mobilelib | 1 Mobilelib Gold | 2025-04-09 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php. | |||||
CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||||
CVE-2008-3377 | 1 Brandon Tallent | 1 Phptest | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. | |||||
CVE-2008-3302 | 1 Tuxplanet | 1 Bilboblog | 2025-04-09 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter. | |||||
CVE-2009-4475 | 2 Joomla, Joomlub | 2 Joomla!, Com Joomlub | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php. | |||||
CVE-2008-1641 | 1 Efestech | 1 Video | 2025-04-09 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in EfesTECH Video 5.0 allows remote attackers to execute arbitrary SQL commands via the catID parameter. |