Total
16219 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-3318 | 1 Spiffyjr | 1 Phpraid | 2025-04-03 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | |||||
CVE-2002-2305 | 1 Phpsecure.org | 1 Immobilier | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in agentadmin.php in Immobilier allows remote attackers to execute arbitrary SQL commands via the (1) agentname or (2) agentpassword parameter. | |||||
CVE-2006-1500 | 1 Tilde | 1 Tilde Cms | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2006-2268 | 1 Flexcustomer | 1 Flexcustomer | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected. | |||||
CVE-2005-4515 | 1 Lois Software | 1 Webdb | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required. All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE. | |||||
CVE-2005-3748 | 1 Tru-zone | 1 Nukeet | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Search module in Tru-Zone Nuke ET 3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
CVE-2005-4040 | 1 Tawbaware | 1 Filelister | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. | |||||
CVE-2003-0377 | 1 Iisprotect | 1 Iisprotect | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable in SiteAdmin.ASP. | |||||
CVE-2006-3823 | 1 Geodesicsolutions | 2 Geoauctions Premier, Geoclassifieds Basic | 2025-04-03 | 5.1 MEDIUM | N/A |
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. | |||||
CVE-2004-2751 | 1 Postnuke Software Foundation | 1 Postnuke | 2025-04-03 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||||
CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters. | |||||
CVE-2005-4073 | 1 Cfmagic | 1 Magic List Pro | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attackers to execute arbitrary SQL commands via the ListID parameter. | |||||
CVE-2005-3845 | 1 Ezinvoiceinc | 1 Ez Invoice Inc | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patch available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue." | |||||
CVE-2006-0961 | 1 Cilem | 1 Cilem Haber | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows remote attackers to execute arbitrary SQL commands via the haber_id parameter. NOTE: this product has also been referred to as "Cilem News," although that does not appear to be the proper name. | |||||
CVE-2006-2973 | 1 Php Lite | 1 Calendar Express | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in month.php in PHP Lite Calendar Express 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) catid and (2) cid parameter. NOTE: this might be a duplicate of CVE-2005-4009.c. | |||||
CVE-2003-0845 | 1 Jboss | 1 Jboss | 2025-04-03 | 7.5 HIGH | N/A |
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8. | |||||
CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | |||||
CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. | |||||
CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2025-04-03 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | |||||
CVE-2006-2157 | 1 Plogger | 1 Plogger | 2025-04-03 | 7.5 HIGH | N/A |
SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a different vulnerability than CVE-2005-4246. |