Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0429 | 1 Alstrasoft | 1 Forum Pay Per Post Exchange | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. | |||||
| CVE-2008-0424 | 1 Mooseguy Blog System | 1 Mgbs | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) 1.0 allows remote attackers to execute arbitrary SQL commands via the month parameter. | |||||
| CVE-2008-0421 | 1 Invision Power Services | 1 Invision Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command. | |||||
| CVE-2008-0601 | 1 All Club Cms | 1 All Club Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in All Club CMS (ACCMS) 0.0.1f and earlier allows remote attackers to execute arbitrary SQL commands via the name parameter. | |||||
| CVE-2008-0397 | 1 Aflog.org | 1 Aflog | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aflog 1.01, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php. | |||||
| CVE-2008-0388 | 1 Wordpress | 1 Wp Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the user parameter in a showprofile action to the default URI. | |||||
| CVE-2008-0371 | 1 Alilg | 1 Alitalk | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0358 | 1 Pixelpost | 1 Pixelpost | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Pixelpost 1.7 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter. | |||||
| CVE-2008-0355 | 1 Phpecho Cms | 1 Phpecho Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866. | |||||
| CVE-2007-6586 | 1 Niclor | 1 Niclor | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a sezione page action to index.php. | |||||
| CVE-2008-0353 | 1 Php-residence | 1 Php-residence | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in visualizza_tabelle.php in php-residence 0.7.2 and 1.0 allows remote attackers to execute arbitrary SQL commands via the cognome_cerca parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0328 | 1 Fascript | 1 Faname | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0327 | 1 Fascript | 1 Famp3 | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0326 | 1 Fascript | 1 Fapersianhack | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class/show.php in FaScript FaPersianHack 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to show.php. | |||||
| CVE-2008-0325 | 1 Fascript | 1 Fapersian Petition | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in FaScript FaPersian Petition allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0290 | 1 Digitalhive | 1 Digitalhive | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php. | |||||
| CVE-2008-0282 | 1 Domphp | 1 Domphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 and earlier allows remote attackers to execute arbitrary SQL commands via the mail parameter. | |||||
| CVE-2008-0279 | 1 Xforum | 1 Xforum | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in liretopic.php in Xforum 1.4 and possibly others allows remote attackers to execute arbitrary SQL commands via the topic parameter. NOTE: the categorie parameter might also be affected. | |||||
| CVE-2008-0278 | 1 X7 Group | 1 X7 Chat | 2017-09-29 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the day parameter in a sm_window action. | |||||
| CVE-2008-0262 | 1 Agares Media | 1 Phpautovideo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter. | |||||
| CVE-2008-0256 | 1 Matteo Binda | 1 Asp Photo Gallery | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | |||||
| CVE-2008-0255 | 1 Igamingcms | 1 Igaming Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 and earlier, allows remote attackers to execute arbitrary SQL commands via the section parameter. | |||||
| CVE-2008-0254 | 1 Wavelink Media | 1 Tutorialcms | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in activate.php in TutorialCMS (aka Photoshop Tutorials) 1.02, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the userName parameter. | |||||
| CVE-2008-0232 | 1 Zero Cms | 1 Zero Cms | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php. | |||||
| CVE-2007-6664 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2007-6583 | 1 1024 Cms | 1 1024 Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/ops/findip/ajax/search.php in 1024 CMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via the ip parameter. | |||||
| CVE-2008-0219 | 1 Php Webquest | 1 Php Webquest | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in soporte_horizontal_w.php in PHP Webquest 2.6 allows remote attackers to execute arbitrary SQL commands via the id_actividad parameter, a different vector than CVE-2007-4920. | |||||
| CVE-2008-0187 | 1 Spacial Audio Solutions | 1 Samphpweb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in songinfo.php in SAM Broadcaster samPHPweb, possibly 4.2.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the songid parameter. | |||||
| CVE-2008-0159 | 1 Eggblog | 1 Eggblog | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the eggblogpassword parameter in a cookie. | |||||
| CVE-2008-0157 | 1 Flexbb | 1 Flexbb | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the flexbb_temp_id parameter in a cookie. | |||||
| CVE-2008-0154 | 1 Evilboard | 1 Evilboard | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) allows remote attackers to execute arbitrary SQL commands the c parameter. | |||||
| CVE-2007-6663 | 2 Joomla, Pragmatic Utopia | 2 Joomla, Pu Arcade | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Puarcade.php and (2) PUarcade.html.php in Pragmatic Utopia PU Arcade (com_puarcade) 2.0.3, 2.1.2, and 2.1.3 Beta component for Joomla! allows remote attackers to execute arbitrary SQL commands via the fid parameter to index.php. | |||||
| CVE-2008-0147 | 1 Smallnuke | 1 Smallnuke | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in SmallNuke 2.0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via (1) the user_email parameter and possibly (2) username parameter in a Members action. | |||||
| CVE-2008-0144 | 1 Phprisk | 1 Netrisk | 2017-09-29 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged for local file inclusion using directory traversal sequences. | |||||
| CVE-2007-6575 | 1 Brand039 | 1 Mmslamp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action. | |||||
| CVE-2007-6656 | 1 Cmsmadesimple | 1 Cms Made Simple | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content_css.php in the TinyMCE module for CMS Made Simple 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the templateid parameter. | |||||
| CVE-2008-0142 | 1 Webportal | 1 Webportal Cms | 2017-09-29 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow remote attackers to execute arbitrary SQL commands via the user_name parameter to actions.php, and unspecified other vectors. | |||||
| CVE-2008-1759 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. | |||||
| CVE-2008-1774 | 1 Pligg | 1 Pligg Cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1758 | 1 Kwsphp | 1 Kwsphp | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. | |||||
| CVE-2008-1789 | 1 Prozilla | 1 Forum | 2017-09-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in forum.php in Prozilla Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||||
| CVE-2008-1791 | 1 Mygamingladder | 1 Mygamingladder | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and earlier allows remote attackers to execute arbitrary SQL commands via the ladderid parameter. | |||||
| CVE-2008-1750 | 1 Livecart | 1 Livecart | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI. | |||||
| CVE-2008-1847 | 1 Coronamatrix | 1 Phpaddressbook | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook 2.11 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1838 | 1 Bosdev | 1 Bosclassifieds Ads Systems | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BosClassifieds Classified Ads System 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php. | |||||
| CVE-2008-1858 | 1 724cms | 1 724cms | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. | |||||
| CVE-2008-1859 | 1 Iscripts | 1 Socialware | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in events.php in iScripts SocialWare allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action. | |||||
| CVE-2008-1907 | 1 Cpcommerce | 1 Cpcommerce | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in functions/display_page.func.php in cpCommerce 1.1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_product, (2) id_manufacturer, and (3) id_category parameters to unspecified components. NOTE: this probably overlaps CVE-2007-2959 and CVE-2007-2890. | |||||
| CVE-2008-1863 | 1 Prozilla | 1 Cheats | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_reviews.php in Prozilla Cheat Script (aka Cheats) 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1864 | 1 Prozilla | 1 Prozilla Freelancers | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. | |||||