Total: 4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2006-6848 | 1 Aspticker | 1 Aspticker | 2017-10-19 | 7.5 HIGH | N/A | SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter. |
| CVE-2006-6038 | 1 Powie | 1 Pforum | 2017-10-19 | 7.5 HIGH | N/A | SQL injection vulnerability in editpoll.php in Powie's PHP Forum (pForum) 1.29a and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2006-3904 | 1 Etomite | 1 Etomite | 2017-10-19 | 6.8 MEDIUM | N/A | SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2008-5198 | 1 Vizzed | 1 Acmlmboard | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 allows remote attackers to execute arbitrary SQL commands via the pow parameter. |
| CVE-2007-3119 | 1 Kartli Alisveris Sistemi | 1 Kartli Alisveris Sistemi | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi (aka Free-PayPal-Shopping-Cart) 1.0 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. |
| CVE-2008-2815 | 1 Mymarket | 1 Mymarket | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in shopping/index.php in MyMarket 1.72 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. |
| CVE-2007-2673 | 1 Censura | 1 Censura | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/funcs_vendors.php in Censura 1.15.04, and other versions before 1.16.04, allows remote attackers to execute arbitrary SQL commands via the vendorid parameter in a vendor_info cmd action to censura.php. |
| CVE-2007-2571 | 1 Xoops | 1 Wfquotes Module | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the wfquotes 1.0 0 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. |
| CVE-2007-2000 | 1 Raphael Limbach | 1 Crea-book | 2017-10-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. |
| CVE-2007-1962 | 1 Xoops | 2 Wf-snippets, Xoops | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the WF-Snippets 1.02 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the c parameter in a cat action. |
| CVE-2007-1960 | 1 Xoops | 1 Rha7 Downloads Module | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in visit.php in the Rha7 Downloads (rha7downloads) 1.0 module for XOOPS, and possibly other versions up to 1.10, allows remote attackers to execute arbitrary SQL commands via the lid parameter. |
| CVE-2007-1899 | 1 Mywebland | 1 Mybloggie | 2017-10-11 | 5.1 MEDIUM | N/A | Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 allow remote attackers to execute arbitrary SQL commands via (1) the user_id parameter in a viewuser action to index.php, and allow remote authenticated administrators to execute arbitrary SQL commands via (2) the post_id parameter in an edit action to admin.php. |
| CVE-2007-1920 | 1 Smodbip | 1 Smodbip | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the aktualnosci module in SmodBIP 1.06 and earlier allows remote attackers to execute arbitrary SQL commands via the zoom parameter, possibly related to home.php. |
| CVE-2007-1897 | 1 Wordpress | 1 Wordpress | 2017-10-11 | 6.5 MEDIUM | N/A | SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users to execute arbitrary SQL commands via a string parameter value in an XML RPC mt.setPostCategories method call, related to the post_id variable. |
| CVE-2008-1551 | 1 Runcms | 2 Photo Module, Runcms | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in viewcat.php in the Photo 3.02 module for RunCMS allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2007-3447 | 1 Bugmall | 1 Shopping Cart | 2017-10-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the "basic search box." NOTE: 4.0.2 and other versions might also be affected. |
| CVE-2008-3954 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action. |
| CVE-2007-1776 | 1 Design For Joomla | 1 D4j Ezine | 2017-10-11 | 6.8 MEDIUM | N/A | SQL injection vulnerability in index.php in the DesignForJoomla.com D4J eZine (com_ezine) 2.8 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the article parameter in a read action. |
| CVE-2007-1163 | 1 Webspell | 1 Webspell | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. |
| CVE-2007-0985 | 1 Phpcc | 1 Phpcc | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and earlier allows remote attackers to execute arbitrary SQL commands via the npid parameter in a sign_gb action. |
| CVE-2007-0984 | 1 Aspcode.net | 1 Pollmentor | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to pollmentorres.asp. |
| CVE-2006-7116 | 1 Kubix | 1 Kubix | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. |
| CVE-2004-1553 | 1 Fullrevolution | 1 Aspwebalbum | 2017-10-11 | 7.5 HIGH | N/A | SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action. |
| CVE-2005-0413 | 1 Myphp Forum | 1 Myphp Forum | 2017-10-11 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier. |
| CVE-2014-8596 | 1 Php-fusion | 1 Php-fusion | 2017-10-03 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php. |
| CVE-2009-2014 | 1 Joomla | 2 Com School, Joomla | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in the ComSchool (com_school) component 1.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the classid parameter in a showclass action to index.php. |
| CVE-2009-2016 | 1 Virtuenetz | 1 Virtue Shopping Mall | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in products.php in Virtue Shopping Mall allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2009-2017 | 1 Virtuenetz | 1 Virtue Book Store | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in products.php in Virtue Book Store allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| CVE-2009-2018 | 1 Jaredeckersley | 1 Mycars | 2017-09-29 | 6.8 MEDIUM | N/A | SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter. |
| CVE-2009-2013 | 1 Frontisgroup | 1 Frontis | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in bin/aps_browse_sources.php in Frontis 3.9.01.24 allows remote attackers to execute arbitrary SQL commands via the source_class parameter in a browse_classes action. |
| CVE-2009-1952 | 1 Propertymaxpro | 1 Propertymax Pro Free | 2017-09-29 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-1950 | 1 Ahmet Donmez | 1 Webeyes Guest Book | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 allows remote attackers to execute arbitrary SQL commands via the mesajid parameter. |
| CVE-2009-2019 | 1 Virtuenetz | 1 Virtue News Manager | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in news_detail.php in Virtue News Manager allows remote attackers to execute arbitrary SQL commands via the nid parameter. |
| CVE-2009-1853 | 1 Kenseiboard | 1 Kensei Board | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. |
| CVE-2009-1913 | 1 Luxbum | 1 Luxbum | 2017-09-29 | 5.1 MEDIUM | N/A | SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. |
| CVE-2009-1945 | 1 Tzo | 1 Webcal | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 allows remote attackers to execute arbitrary SQL commands via the event_id parameter. |
| CVE-2009-1947 | 1 Newsboard | 1 Unclassified Newsboard | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in the UnbDbEncode function in unb_lib/database.lib.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote attackers to execute arbitrary SQL commands via the Query parameter in a search action to forum.php, a different vector than CVE-2005-3686. |
| CVE-2009-2021 | 1 Virtuenetz | 1 Virtue Classifieds | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in search.php in Virtue Classifieds allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2009-1852 | 1 Graphiks | 1 Myforum | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields. |
| CVE-2009-1816 | 1 Mygamescript | 1 My Game Script | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information. |
| CVE-2009-1818 | 1 Maxcms | 1 Maxcms | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action. |
| CVE-2009-1819 | 1 2daybiz | 1 Custom T-shirt Design Script | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| CVE-2009-1813 | 1 Submitterscript | 1 Submitterscript | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field). |
| CVE-2009-1814 | 1 Jevontech | 1 Phpenpals | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074. |
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2017-09-29 | 6.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. |
| CVE-2009-1799 | 1 Sebastian-thiele | 1 St-gallery | 2017-09-29 | 6.8 MEDIUM | N/A | Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php. |
| CVE-2009-1812 | 1 Collector | 1 Mygesuad | 2017-09-29 | 6.0 MEDIUM | N/A | Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php. |
| CVE-2009-1804 | 1 Videoscript | 1 Youtube Video Script | 2017-09-29 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
| CVE-2009-1848 | 2 Joomla, Joomlame | 2 Joomla, Com Agoragroup | 2017-09-29 | 7.5 HIGH | N/A | SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php. |
