Total
16275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1622 | 1 Ecshop | 1 Ecshop | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. | |||||
| CVE-2009-0421 | 1 Joomla | 2 Com Eventing, Joomla | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Eventing (com_eventing) 1.6.x component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-5803 | 1 E-topbiz | 1 Online Store | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/login.php in E-topbiz Online Store 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka username field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-4569 | 1 Elkagroup | 1 Image Gallery | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/. | |||||
| CVE-2008-1313 | 1 Bill Roberts | 1 Bloo | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) post_id, (2) post_category_id, (3) post_year_month, and (4) static_page_id parameters; and unspecified other vectors. | |||||
| CVE-2008-2446 | 1 Wgcc | 1 Web Group Communication Center | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php. | |||||
| CVE-2008-2844 | 1 Carscripts | 1 Carscripts Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Carscripts Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2008-6392 | 1 1scripts | 1 Z1exchange | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showads.php in Z1Exchange allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5599 | 1 Merlix | 1 Teamworx Server | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-5738 | 1 Punbb | 1 Punbb | 2025-04-09 | 2.1 LOW | 7.2 HIGH |
| Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||||
| CVE-2008-2205 | 1 Maianscriptworld | 1 Maian Music | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | |||||
| CVE-2007-6658 | 1 Customcms | 1 Ccms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page. | |||||
| CVE-2009-2023 | 1 Shop-script | 1 Shop-script | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter. | |||||
| CVE-2008-0469 | 1 Tiger Php News System | 1 Tiger Php News System | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. | |||||
| CVE-2007-6163 | 1 Gouae | 1 Dwd Realty | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty allows remote attackers to execute arbitrary SQL commands via the pword (aka Password) parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-4611 | 1 Dale Mooney | 1 Calendar Events | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewevent.php in Moonware (aka Dale Mooney Gallery) allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-6517 | 1 Nick Jenkin | 1 Newshowler | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote attackers to execute arbitrary SQL commands via the news_user cookie parameter. | |||||
| CVE-2009-0110 | 1 Riotpix | 1 Riotpix | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in read.php in RiotPix 0.61 and earlier allows remote attackers to execute arbitrary SQL commands via the forumid parameter. | |||||
| CVE-2008-6917 | 1 Exoscripts | 1 Exophpdesk | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 Final allows remote attackers to execute arbitrary SQL commands via the username (user parameter). | |||||