Vulnerabilities (CVE)

Filtered by CWE-89
Total 16219 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-0318 1 Insane Visions 1 Blogphp 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2006-2128 1 Deltascripts 1 Pro Publish 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.
CVE-2005-4232 1 Jamit 1 Jamit Job Board 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying "The vulnerability is without any basis and did not actually work." CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection.
CVE-2006-3960 1 X-scripts 1 X-poll 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-2363 1 Limbo Cms 1 Limbo Cms 2025-04-03 5.1 MEDIUM N/A
SQL injection vulnerability in the weblinks option (weblinks.html.php) in Limbo CMS allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-0750 1 Supersmashbrothers 1 Army System 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php.
CVE-2002-2277 1 Portail Web Php 1 Portail Web Php 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to execute arbitrary SQL commands via the (1) $rech, (2) $BD_Tab_docs, (3) $BD_Tab_file, (4) $BD_Tab_liens, (5) $BD_Tab_faq, or (6) $chemin variables.
CVE-2005-0252 1 Guillaumegardey 1 Biborb 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.
CVE-2003-1504 1 Goldscripts 1 Goldlink 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in variables.php in Goldlink 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) vadmin_login or (2) vadmin_pass cookie in a request to goldlink.php.
CVE-2006-0123 1 Adn Forum 1 Adn Forum 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
CVE-2005-4617 1 Forperfect 1 Csupport 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter.
CVE-2006-3775 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in the init function in class_session.php in MyBB (aka MyBulletinBoard) 1.1.5 allows remote attackers to execute arbitrary SQL commands via the CLIENT-IP HTTP header ($_SERVER['HTTP_CLIENT_IP'] variable), as utilized by index.php.
CVE-2004-0366 1 Pam-pgsql 1 Pam-pgsql 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
CVE-2004-1925 1 Tiki 1 Tikiwiki Cms/groupware 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
CVE-2006-2259 1 Maxxcode 1 Maxxschedule 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows remote attackers to execute arbitrary SQL commands via the txtLogon parameter.
CVE-2005-4228 1 Phpwebgallery 1 Phpwebgallery 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.
CVE-2002-2383 1 F2html.pl 1 F2html.pl 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote attackers to execute arbitrary SQL commands via file names.
CVE-2006-4756 1 Accomplishtechnology 1 Phpmydirectory 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and earlier allows remote attackers to execute arbitrary SQL commands via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-3996 1 Zen-cart 1 Zen Cart 2025-04-03 5.1 MEDIUM N/A
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter.
CVE-2002-0999 1 Care 2002 1 Care 2002 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations.