Total
16275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0459 | 1 Wholehogsoftware | 1 Password Protect | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/login_submit.php in Whole Hog Password Protect: Enhanced 1.x allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter (aka Username field) or (2) the pwd parameter (aka Password field). NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-0267 | 1 Eticket | 1 Eticket | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php. | |||||
| CVE-2008-2194 | 1 Deluxebb | 1 Deluxebb | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. | |||||
| CVE-2007-4173 | 1 Hunkaray Okul | 1 Portaly | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-3080. | |||||
| CVE-2008-2554 | 1 Bp Blog | 1 Bp Blog | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. | |||||
| CVE-2008-6526 | 1 Bosdev | 1 Bos Classifieds | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in BosDev BosClassifieds allows remote attackers to execute arbitrary SQL commands via the cat_id parameter, a different vector than CVE-2008-1838. | |||||
| CVE-2007-2534 | 1 Phphoo3 | 1 Phphoo3 | 2025-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use. | |||||
| CVE-2008-6640 | 1 Aspindir | 1 Batmanportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-5333 | 1 Nitrotech | 1 Nitrotech | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2009-2232 | 1 Softbizscripts | 1 Banner Ad Management Script | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image.php in Softbiz Banner Ad Management Script allows remote attackers to execute arbitrary SQL commands via the size_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-6152 | 1 Sepcity | 1 Faculty Portal | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file. | |||||
| CVE-2007-6498 | 1 Hosting Controller | 1 Hosting Controller | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot fix 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) email and (2) loginname parameters to Hosting/Addreseller.asp, (3) the sortfield parameter to accounts/accountmanager.asp, (4) the GateWayID parameter to OpenApi/GatewayVariables.asp, and possibly (5) unspecified vectors to IIS/iibind.asp. | |||||
| CVE-2008-2762 | 1 Xigla | 1 Absolute Form Processor Xe | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in search.asp in Xigla Absolute Form Processor XE 4.0 allows remote authenticated administrators to execute arbitrary SQL commands via the orderby parameter. | |||||
| CVE-2007-4922 | 2 Jeuxflash, Kwsphp | 2 Jeuxflash Module, Kwsphp | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in play.php in the jeuxflash 1.0 module for KwsPHP allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a play ac action to index.php. NOTE: some details are obtained from third party information. | |||||
| CVE-2008-5605 | 1 Aspapps | 1 Aspportal | 2025-04-09 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASP Portal allow remote attackers to execute arbitrary SQL commands via the (1) ItemID parameter to classifieds.asp and the (2) ID parameter to Events.asp. | |||||
| CVE-2008-2456 | 1 Comicshout | 1 Comicshout | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ComicShout 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the comic_id parameter. | |||||
| CVE-2008-6323 | 1 Cfmsource | 1 Cf Auction | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forummessages.cfm in CFMSource CF_Auction allows remote attackers to execute arbitrary SQL commands via the categorynbr parameter. | |||||
| CVE-2008-0879 | 1 Phpnuke | 1 Web Links Module | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in the Web_Links module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action. | |||||
| CVE-2009-0672 | 1 Ravenphpscripts | 1 Ravennuke | 2025-04-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php. | |||||
| CVE-2008-6466 | 2 Akirapowered, E107 | 2 Image Gallery, E107 | 2025-04-09 | 7.5 HIGH | N/A |
| SQL injection vulnerability in image_gallery.php in the Akira Powered Image Gallery (image_gallery) plugin 0.9.6.2 for e107 allows remote attackers to execute arbitrary SQL commands via the image parameter in an image-detail action. | |||||