Search
Total
4188 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6593 | 2 Lightneasy, Sqlite | 2 Lightneasy, Sqlite | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy SQLite 1.2.2 and earlier allows remote attackers to inject arbitrary PHP code into comments.dat via the dlid parameter to index.php. | |||||
| CVE-2008-6618 | 1 Netlab | 1 Classsystem | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote attackers to execute arbitrary SQL commands via the teacher_id parameter in (1) class/HomepageMain.php and (2) class/HomepageTop.php, and (3) the message_id parameter in class/MessageReply.php. | |||||
| CVE-2008-6985 | 1 Zen-cart | 1 Zen Cart | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart. | |||||
| CVE-2008-6149 | 2 Joomla, Joomlaapps | 2 Joomla, Com Mdigg | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cagtegory parameter in a story_lists action to index.php. | |||||
| CVE-2008-6043 | 1 Phpprobid | 1 Php Pro Bid | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow remote attackers to execute arbitrary SQL commands via the (1) order_field and (2) order_type parameters to categories.php and unspecified other components. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6038 | 1 Mapcal | 1 Mapcal | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MapCal 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in an editevent action, possibly related to dsp_editevent.php. | |||||
| CVE-2008-5998 | 1 Drupal | 2 Ajax Checklist, Drupal | 2018-10-11 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters. | |||||
| CVE-2008-6069 | 2 123flashchat, E107 | 2 Echat Plugin, E107 | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter. | |||||
| CVE-2008-5707 | 1 Aspindir | 1 Iltaweb Alisveris Sistemi | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. | |||||
| CVE-2008-5957 | 2 Joomla, Mydyngallery | 2 Joomla, Mydyngallery | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | |||||
| CVE-2008-5222 | 1 Dvbbs | 1 Dvbbs | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-5268 | 1 Aspportal | 1 Aspportal | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content/forums/reply.asp in ASPPortal allows remote attackers to execute arbitrary SQL commands via the Topic_Id parameter. | |||||
| CVE-2008-5336 | 1 Bdigital Web Solutions | 1 Webstudio Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter. | |||||
| CVE-2008-5097 | 1 Myfwb | 1 Myfwb | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in MyFWB 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2008-5163 | 1 Theratstudios | 1 The Rat Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewarticle.php and (2) viewarticle2.php. | |||||
| CVE-2008-5051 | 2 Jooblog, Joomla | 2 Jooblog, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PostID parameter to index.php. | |||||
| CVE-2008-4611 | 1 Php Arsivimiz | 1 Php Ziyaretci Defteri | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||||
| CVE-2008-4732 | 2 Pressography, Wordpress | 2 Wp Comment Remix Plugin, Wordpress | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
| CVE-2008-4778 | 1 Dream4 | 1 Koobi Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action. | |||||
| CVE-2008-4458 | 1 E-php Scripts | 1 B2b Trading Marketplace Script | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in listings.php in E-Php B2B Trading Marketplace Script allows remote attackers to execute arbitrary SQL commands via the cid parameter in a product action. | |||||
| CVE-2008-4423 | 1 Ovidentia | 1 Ovidentia | 2018-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action. | |||||
| CVE-2008-4364 | 1 Parsagostar | 1 Parsaweb Cms | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page. | |||||
| CVE-2008-4338 | 1 Vacilanda | 1 Brilliant Gallery | 2018-10-11 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in the brilliant_gallery_checklist_save function in the bgchecklist/save script in Brilliant Gallery 5.x and 6.x, a module for Drupal, allows remote authenticated users with "access brilliant_gallery" permissions to execute arbitrary SQL commands via the (1) nid, (2) qid, (3) state, and possibly (4) user parameters. | |||||
| CVE-2008-4205 | 1 Attachmax | 1 Dolphin | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-4328 | 1 Easyrealtorpro | 1 Easyrealtorpro | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 allows remote attackers to execute arbitrary SQL commands via the (1) item, (2) search_ordermethod, and (3) search_order parameters. | |||||
| CVE-2008-4078 | 3 Dws Systems Inc., Ledgersmb, Sql-ledger | 3 Sql-ledger, Ledgersmb, Sql-ledger | 2018-10-11 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4072 | 1 Phsdev | 1 Phsblog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter in a pickup action or (2) the sql_cid parameter, different vectors than CVE-2008-3588. | |||||
| CVE-2008-3948 | 1 Xrms | 1 Xrms Crm | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors. | |||||
| CVE-2008-3888 | 1 Aspindir | 1 Mini Nuke Freehost | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 allows remote attackers to execute arbitrary SQL commands via the uid parameter in a member_details action. | |||||
| CVE-2008-3867 | 1 Cce-interact | 1 Interact | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the email_user_key parameter. | |||||
| CVE-2008-3880 | 1 Zoneminder | 1 Zoneminder | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in zm_html_view_event.php in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary SQL commands via the filter array parameter. | |||||
| CVE-2008-3845 | 1 Craftysyntax | 1 Crafty Syntax Live Help | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. | |||||
| CVE-2008-3768 | 1 Turnkeywebtools | 1 Sunshop Shopping Cart | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey Web Tools SunShop Shopping Cart before 4.1.5 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in an edit_registry action to index.php, (2) a vector involving the check_email function, and other vectors. | |||||
| CVE-2008-3762 | 1 Turnkeywebtools | 1 Php Live Helper | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php. | |||||
| CVE-2008-3563 | 1 Plogger | 1 Plogger | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings. | |||||
| CVE-2008-3582 | 1 Keld | 1 Php-mysql News Script | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in login.php in Keld PHP-MySQL News Script 0.7.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2008-3512 | 1 Php Nuke | 1 Kleinanzeigen Module | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the lid parameter in a visit action to modules.php. | |||||
| CVE-2008-3374 | 1 Gregarius | 1 Gregarius | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. | |||||
| CVE-2008-3388 | 1 Easy-script | 1 Def Blog | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. | |||||
| CVE-2008-3513 | 1 Php Nuke | 1 Basis Consultant Book Catalog | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php. | |||||
| CVE-2008-3343 | 1 Myiosoft | 1 Easypublish | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in staticpages/easypublish/index.php in MyioSoft EasyPublish 3.0tr (trial edition) allows remote attackers to execute arbitrary SQL commands via the read parameter in a search action. | |||||
| CVE-2008-3369 | 1 Viart | 1 Viart Shop | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the category_id parameter. | |||||
| CVE-2008-3556 | 1 Haudenschilt | 1 Battlenet Clan Script | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522. | |||||
| CVE-2008-3347 | 1 Myiosoft | 1 Easydynamicpages | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition (tr) allows remote attackers to execute arbitrary SQL commands via the read parameter. | |||||
| CVE-2008-3297 | 1 Social Engine | 1 Social Engine | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SocialEngine (SE) before 2.83 allow remote attackers to execute arbitrary SQL commands via (1) an se_user cookie to include/class_user.php or (2) an se_admin cookie to include/class_admin.php. | |||||
| CVE-2008-3151 | 2 Phpnuke, Warpspeed | 2 4ndvddb, 4ndvddb | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action. | |||||
| CVE-2008-3185 | 1 Vclcomponents | 1 Relative Real Estate Systems | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action. | |||||
| CVE-2008-3206 | 1 Iamilkay | 1 Yuhhu Pubs Black Cat | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black Cat allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2008-3034 | 1 Rss Aggregator | 1 Rss Aggregator | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php. | |||||