Total
12885 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6941 | 1 Turnkeyforms | 1 Web Hosting Directory | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2008-5434 | 1 Punbb | 1 Punbb | 2024-02-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php. | |||||
| CVE-2009-2402 | 1 Phpecho Cms | 1 Phpecho Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355. | |||||
| CVE-2009-1853 | 1 Kenseiboard | 1 Kensei Board | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Kensei Board 2.0 BETA (aka 2.0.0b) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) f and (2) t parameters in a showforum action. | |||||
| CVE-2008-2906 | 1 Webchamado | 1 Webchamado | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the tsk_id parameter. | |||||
| CVE-2008-5631 | 1 Activewebsoftwares | 1 Active Ewebquiz | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6405 | 1 Greatclone | 1 Hotscripts Clone | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
| CVE-2008-4082 | 1 Brim-project | 1 Brim | 2024-02-28 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php. | |||||
| CVE-2008-6371 | 1 Ocean12tech | 1 Membership Manager Pro | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Ocean12 Membership Manager Pro allows remote attackers to execute arbitrary SQL commands via the username (Username parameter). | |||||
| CVE-2008-3848 | 1 Pdesigner | 1 Z-breaknews | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-1968 | 1 Cezannesw | 1 Cezanne | 2024-02-28 | 6.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp. | |||||
| CVE-2008-2903 | 1 Awbs | 1 Advanced Webhost Billing System | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter. | |||||
| CVE-2008-5774 | 1 Aspsiteware | 1 Homebuilder | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to (a) type.asp and (b) type2.asp and the (2) iPro parameter to (c) detail.asp. | |||||
| CVE-2009-2604 | 1 Zenhelpdesk | 1 Zen Help Desk | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp. | |||||
| CVE-2008-2999 | 1 Drupal | 2 Aggregation Module, Drupal | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2008-4073 | 1 Zanfi Solutions | 1 Autodealers Cms Autonline | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | |||||
| CVE-2008-4205 | 1 Attachmax | 1 Dolphin | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-7091 | 1 Pligg | 1 Pligg Cms | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. | |||||
| CVE-2008-7075 | 1 Kalptaru Infotech | 1 Stararticles | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-6721 | 1 Ajsquare | 1 Aj Article | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AJ Square AJ Article allows remote attackers to execute arbitrary SQL commands via the txtName parameter (aka the username field). | |||||