Search
Total
8599 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5678 | 1 Phpbasic | 1 Phpbasic | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. | |||||
| CVE-2007-5372 | 2 Dws Systems Inc., Ledgersmb | 2 Sql-ledger, Ledgersmb | 2018-10-15 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | |||||
| CVE-2007-5430 | 1 Scottmanktelow | 1 Stride Cms | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Stride 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the p parameter to main.php in the Content Management System, (2) the id parameter in a sto cmd action to shop.php in the Merchant subsystem, or the (3) course or (4) provider parameter to detail.php in the Courses subsystem. | |||||
| CVE-2007-5371 | 1 Modxcms | 1 Modxcms | 2018-10-15 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in mutate_content.dynamic.php in MODx 0.9.6 allow remote attackers to execute arbitrary SQL commands via the (1) documentDirty or (2) modVariables parameter. | |||||
| CVE-2007-5220 | 1 Asp Product Catalog | 1 Asp Product Catalog | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalog.asp in ASP Product Catalog allows remote attackers to execute arbitrary SQL commands via the cid parameter and possibly other parameters. | |||||
| CVE-2007-5189 | 1 X-script | 1 Guestbook | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. | |||||
| CVE-2007-5131 | 1 Interspire | 1 Activekb Nx | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5 is also affected. | |||||
| CVE-2007-5150 | 1 Nukescripts | 1 Nukesentinel | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the is_god function in includes/nukesentinel.php in NukeSentinel 2.5.11 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie, a different vector than CVE-2007-5125. | |||||
| CVE-2007-5141 | 1 Sitex | 1 Sitex Cms | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2007-5151 | 1 Nukescripts | 1 Nukesentinel | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the abget_admin function in includes/nukesentinel.php in NukeSentinel 2.5.12 allows remote attackers to execute arbitrary SQL commands via base64-encoded data in an admin cookie. | |||||
| CVE-2007-4777 | 1 Joomla | 1 Joomla | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
| CVE-2007-4835 | 1 Phpmyquote | 1 Phpmyquote | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. | |||||
| CVE-2007-4837 | 1 Proxy Anket | 1 Proxy Anket | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4863 | 1 Quirm | 1 Saxon | 2018-10-15 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in example.php in SAXON 5.4 allows remote attackers to execute arbitrary SQL commands via the template parameter. | |||||
| CVE-2007-4881 | 1 Psi-labs | 1 Social Networking Script Psisns | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profile/myprofile.php in psi-labs.com social networking script (psisns), probably 1.0, allows remote attackers to execute arbitrary SQL commands via the u parameter. | |||||
| CVE-2007-4918 | 1 Gelatocms | 1 Gelatocms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | |||||
| CVE-2007-4810 | 1 Netjuke | 1 Netjuke | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php. | |||||
| CVE-2007-4719 | 1 212cafe | 1 212cafeboard | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4762 | 1 E-smart Cart | 1 E-smart Cart | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092. | |||||
| CVE-2007-4611 | 1 Dale Mooney | 1 Calendar Events | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
| CVE-2007-4540 | 1 Olate | 1 Olatedownload | 2018-10-15 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header. | |||||
| CVE-2007-4491 | 1 Gurur Haber | 1 Gurur Haber | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2007-4368 | 1 Ibm | 1 Rational Clearquest | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) Web 7.0.0.0-IFIX02 and 7.0.0.1 allows remote attackers to execute arbitrary SQL commands via the username parameter in a GenerateMainFrame command. | |||||
| CVE-2007-4095 | 1 Bsm Store | 1 Dependent Forums | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. | |||||
| CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. | |||||
| CVE-2007-4207 | 1 Kerberosdev | 1 Gallery In A Box | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin_console/index.asp in Gallery In A Box allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: these fields might be associated with the txtUsername and txtPassword parameters. | |||||
| CVE-2007-3884 | 1 Aspindir | 1 Husrevforum | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in philboard_forum.asp in husrevforum 1.0.1 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: it was later reported that 2.0.1 is also affected. | |||||
| CVE-2007-3705 | 1 Fusetalk | 1 Fusetalk | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to execute arbitrary SQL commands via the FTVAR_SUBCAT (txForumID) parameter to forum/index.cfm and possibly other unspecified components, related to forum/include/error/forumerror.cfm. | |||||
| CVE-2007-3563 | 1 Avscripts | 1 Av Arcade | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/view_page.php in AV Arcade 2.1b allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_page action to index.php. | |||||
| CVE-2018-14058 | 1 Pimcore | 1 Pimcore | 2018-10-12 | 4.0 MEDIUM | 6.5 MEDIUM |
| Pimcore before 5.3.0 allows SQL Injection via the REST web service API. | |||||
| CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2018-10-12 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx. | |||||
| CVE-2018-15151 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in interface/de_identification_forms/find_code_popup.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'search_term' parameter. | |||||
| CVE-2018-15150 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php. | |||||
| CVE-2018-15149 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in interface/forms/eye_mag/php/Anything_simple.php from library/forms.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'encounter' parameter. | |||||
| CVE-2018-15148 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter. | |||||
| CVE-2018-15147 | 1 Open-emr | 1 Openemr | 2018-10-12 | 6.5 MEDIUM | 8.8 HIGH |
| SQL injection vulnerability in interface/forms_admin/forms_admin.php from library/registry.inc in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'id' parameter. | |||||
| CVE-2009-0339 | 1 Dmxready | 1 Blog Manager | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to execute arbitrary SQL commands via the itemID parameter in a view action. | |||||
| CVE-2009-0542 | 1 Proftpd Project | 1 Proftpd | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "'" (single quote) character during variable substitution by mod_sql. | |||||
| CVE-2009-0302 | 1 Php-nuke | 1 Downloads Module | 2018-10-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 8.1.0.3.5b and earlier allows remote authenticated users to execute arbitrary SQL commands via the url parameter in the Add operation to modules.php. | |||||
| CVE-2009-0377 | 1 Joomla | 2 Com Beamospetition, Joomla | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132. | |||||
| CVE-2009-0409 | 1 Mzbservices | 1 Max.blog | 2018-10-11 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2009-0516 | 1 Businessspace | 1 Businessspace | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the classified page (classified.php) in BusinessSpace 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. | |||||
| CVE-2009-0429 | 1 Activewebsoftwares | 1 Active Bids | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php. | |||||
| CVE-2008-7059 | 1 Aled Owen | 1 One-news | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in One-News Beta 2 allows remote attackers to execute arbitrary SQL commands via the q parameter. | |||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | |||||
| CVE-2008-7030 | 1 Site2nite | 1 Real Estate Web | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-7145 | 1 Coronamatrix | 1 Phpaddressbook | 2018-10-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in CoronaMatrix phpAddressBook 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) parameters. | |||||
| CVE-2008-7267 | 1 Boka | 1 Siteengine | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-7208 | 1 Insane Visions | 1 Onecms | 2018-10-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php. | |||||