Total
19448 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4161 | 1 Assetman | 1 Assetman | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action. | |||||
| CVE-2008-4159 | 1 Zanfi Solutions | 2 Jaw Portal, Zanfi Cms Lite | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | |||||
| CVE-2008-4157 | 1 Vastal | 1 Phpvid | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected. | |||||
| CVE-2008-4156 | 1 Customcms | 1 Gaming Portal | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4154 | 1 Living-e | 1 Webedition Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in living-e webEdition CMS allows remote attackers to execute arbitrary SQL commands via the we_objectID parameter. | |||||
| CVE-2008-4150 | 1 Dieselscripts | 1 Diesel Joke Site | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763. | |||||
| CVE-2008-4148 | 1 Drupal | 1 Mailhandler | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API. | |||||
| CVE-2008-4145 | 1 Addalink | 1 Addalink | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in user_read_links.php in Addalink 1.0 beta 4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-4144 | 1 Discountedscripts | 1 E-gold Script Shop | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold Script Shop allows remote attackers to execute arbitrary SQL commands via the cid parameter in a showcat action. | |||||
| CVE-2008-4143 | 1 Razorecommerce | 1 Shopping Cart | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category_search.php in RazorCommerce Shopping Cart allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4142 | 1 Ephpscripts | 1 E-php Cms | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in E-Php CMS allows remote attackers to execute arbitrary SQL commands via the es_id parameter. | |||||
| CVE-2008-4094 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) :limit and (2) :offset parameters, related to ActiveRecord, ActiveSupport, ActiveResource, ActionPack, and ActionMailer. | |||||
| CVE-2008-4093 | 1 Yourownbux | 1 Yourownbux | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and 3.2 beta, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2008-4092 | 1 Myphpnuke | 1 Myphpnuke | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the artid parameter. | |||||
| CVE-2008-4091 | 1 Source Workshop | 1 Web Directory Script | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Web Directory Script 1.5.3 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||||
| CVE-2008-4090 | 1 Couponscript | 1 Coupon Script | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672. | |||||
| CVE-2008-4088 | 1 Myphpnuke | 1 Myphpnuke | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2008-4086 | 1 Source Workshop | 1 Reciprocal Links Manager | 2026-06-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Reciprocal Links Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the site parameter in an open action. | |||||
| CVE-2008-4084 | 1 Myiosoft | 1 Easyclassifields | 2026-06-16 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | |||||
| CVE-2008-4082 | 1 Brim-project | 1 Brim | 2026-06-16 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | |||||