Total
16275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1662 | 1 Recipescript | 1 Recipe Script | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php. | |||||
| CVE-2008-3351 | 1 Atomphotoblog | 1 Atomphotoblog | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog 1.0.9.1 and 1.1.5b1 allows remote attackers to execute arbitrary SQL commands via the photoId parameter in a show action. | |||||
| CVE-2009-1810 | 1 Collector | 1 Mycolex | 2025-04-09 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php. | |||||
| CVE-2009-4576 | 2 Cmstactics, Joomla | 2 Com Beeheard, Joomla\! | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the BeeHeard (com_beeheard) component 1.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a suggestions action to index.php. | |||||
| CVE-2009-4208 | 1 Open-school | 1 Open-school | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the os_news module in Open-school (OS) 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to index.php. | |||||
| CVE-2009-0406 | 1 Community Cms | 1 Community Cms | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-4611 | 1 Php Arsivimiz | 1 Php Ziyaretci Defteri | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PHP Arsivimiz Php Ziyaretci Defteri allows remote attackers to execute arbitrary SQL commands via the sayfa parameter. | |||||
| CVE-2008-2428 | 1 Torrenttrader | 1 Torrenttrader Classic | 2025-04-09 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) wantusername parameter to account-signup.php, or the (3) receiver parameter to account-inbox.php in a msg action. | |||||
| CVE-2008-1494 | 1 Easy-clanpage | 1 Easy-clanpage | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in inc/module/online.php in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a user details action, a different vector than CVE-2008-1425. | |||||
| CVE-2008-6394 | 1 Cs-cart | 1 Cs-cart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter. | |||||
| CVE-2008-4084 | 1 Myiosoft | 1 Easyclassifields | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in staticpages/easyclassifields/index.php in MyioSoft EasyClassifields 3.0 allows remote attackers to execute arbitrary SQL commands via the go parameter in a browse action. | |||||
| CVE-2009-4399 | 2 Fr.simon Rundell, Typo3 | 2 Hs Religiousartgallery, Typo3 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-5000 | 1 Phpx | 1 Phpx | 2025-04-09 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter. | |||||
| CVE-2008-0546 | 1 Shoppingtree | 1 Candypress Store | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idProduct and (2) options parameters to (a) ajax/ajax_optInventory.asp, or the (2) recid parameter to (b) ajax/ajax_getBrands.asp. | |||||
| CVE-2008-4804 | 2 Nukedgallery, Phpnuke | 2 Gallery, Php-nuke | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the aid parameter in a showalbum action to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2009-1027 | 1 Opencart | 1 Opencart | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-5088 | 1 Knowledgebase-script | 1 Phpkb Knowledge Base Software | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. | |||||
| CVE-2007-0350 | 1 Sme | 1 Filemailer | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php in SmE FileMailer 1.21 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ps, (2) us, (3) f, or (4) code parameter. NOTE: the us vector in index.php is already covered by CVE-2007-0346. | |||||
| CVE-2009-2311 | 2 Selbstzweck, Woltlab | 2 Rgallery Plugin, Burning Board | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab Burning Board (WBB3) allows remote attackers to execute arbitrary SQL commands via the userID parameter in the RGalleryUserGallery page to index.php, a different vector than CVE-2008-4627. | |||||