Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4877 | 1 Mywebcards | 1 Webcards | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4879 | 1 Maran | 1 Php Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880. | |||||
| CVE-2008-4880 | 1 Maran | 1 Php Shop | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879. | |||||
| CVE-2008-4881 | 1 Yourfreeworld | 1 Reminder Service Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4882 | 1 Yourfreeworld | 1 Autoresponder Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4883 | 1 Yourfreeworld | 1 Blog Blaster Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4884 | 1 Yourfreeworld | 1 Classifieds Hosting Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4885 | 1 Yourfreeworld | 1 Scrolling Text Ads Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4886 | 1 Yourfreeworld | 1 Shopping Cart Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter. | |||||
| CVE-2008-4887 | 1 Netrisk | 1 Netrisk | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) profile page (profile.php) or (2) game page (game.php). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4889 | 1 Dev\!l\'s | 1 Clanportal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action. | |||||
| CVE-2008-4890 | 1 1st News | 1 4 Professional | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products.php in 1st News 4 Professional (PR 1) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4895 | 1 Yourfreeworld | 1 Downline Builder Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4897 | 1 Logz | 1 Logz | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter. | |||||
| CVE-2008-4900 | 1 Yourfreeworld | 1 Classifieds Blaster Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Blaster Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4906 | 2 E107, W1n78 | 2 E107, Lyrics | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4912 | 1 Rs Maxsoft | 2 Fotogalerie, Rs Maxsoft | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in popup_img.php in the fotogalerie module in RS MAXSOFT allows remote attackers to execute arbitrary SQL commands via the fotoID parameter. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-5003 | 1 Shahrood | 1 Shahrood | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ndetail.php in Shahrood allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5000 | 1 Phpx | 1 Phpx | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter. | |||||
| CVE-2008-5004 | 1 Mywebland | 1 Bloggie Lite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in genscode.php in myWebland Bloggie Lite 0.0.2 beta allows remote attackers to execute arbitrary SQL commands via a crafted cookie. | |||||
| CVE-2008-5046 | 1 Mole Group | 1 Pizza Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Mole Group Pizza Script allows remote attackers to execute arbitrary SQL commands via the manufacturers_id parameter. | |||||
| CVE-2008-5047 | 1 Mole Group | 1 Rental Script | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in Mole Group Rental Script allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5070 | 1 Pro Chat Rooms | 1 Pro Chat Rooms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Pro Chat Rooms 3.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the gud parameter to (1) profiles/index.php and (2) profiles/admin.php. | |||||
| CVE-2008-5226 | 3 Joomla, Mambads, Mambo | 3 Joomla, Mambads, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177. | |||||
| CVE-2008-5074 | 1 Php-fusion | 2 Freshlinks Module, Php-fusion | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
| CVE-2008-5075 | 1 Scriptsfrenzy | 1 E-uploader Pro | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php. | |||||
| CVE-2008-5088 | 1 Knowledgebase-script | 1 Phpkb Knowledge Base Software | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. | |||||
| CVE-2008-5123 | 1 Castillocentral | 1 Ccleague | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
| CVE-2008-5131 | 1 Develop It Easy | 1 News And Article System | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php). | |||||
| CVE-2008-5132 | 1 Memht | 1 Memht Portal | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header. | |||||
| CVE-2008-5166 | 1 Easysitenetwork | 1 Riddles Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 allows remote attackers to execute arbitrary SQL commands via the riddleid parameter. | |||||
| CVE-2008-5168 | 1 Easysitenetwork | 1 Tips Complete Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter. | |||||
| CVE-2008-5169 | 1 Easysitenetwork | 1 Drinks Complete Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in drinks/drink.php in Drinks Complete Website 2.1.0 allows remote attackers to execute arbitrary SQL commands via the drinkid parameter. | |||||
| CVE-2008-5170 | 1 Easysitenetwork | 1 Cheats Complete Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in item.php in Cheats Complete Website 1.1.1 allows remote attackers to execute arbitrary SQL commands via the itemid parameter. | |||||
| CVE-2008-5174 | 1 Easysitenetwork | 1 Jokes Complete Website | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in joke.php in Jokes Complete Website 2.1.3 allows remote attackers to execute arbitrary SQL commands via the jokeid parameter. | |||||
| CVE-2008-5190 | 1 Eshop100 | 1 Eshop100 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter. | |||||
| CVE-2008-5191 | 1 Seportal | 1 Seportal | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php. | |||||
| CVE-2008-5192 | 1 Philboard | 1 Philboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920. | |||||
| CVE-2008-5194 | 1 Softvisions Software | 1 Online Booking Manager | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5195 | 1 Sebrac | 1 Sebraccms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors. | |||||
| CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-5200 | 2 Joomla, Mambo | 3 Com Xewebtv, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Xe webtv (com_xewebtv) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2008-5208 | 2 Joomla, Mambo | 3 Com Datsogallery, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2008-5212 | 1 Aj Square | 1 Aj Auction | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the item_id parameter. | |||||
| CVE-2008-5213 | 1 Aj Square | 1 Aj Article | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in featured_article.php in AJ Article 1.0 allows remote attackers to execute arbitrary SQL commands via the artid parameter in a search detail action. | |||||
| CVE-2008-5215 | 1 Clanlite | 1 Clanlite | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter. | |||||
| CVE-2008-5216 | 1 Aj Square | 1 Zeuscart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category_list.php in AJ Square ZeusCart 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-5223 | 1 Airvae | 1 Commerce | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. | |||||
| CVE-2008-5267 | 1 Experts | 1 Experts | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter. | |||||
| CVE-2008-5269 | 1 Powie | 1 Psys | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows remote attackers to execute arbitrary SQL commands via the shownews parameter. | |||||