Total: 12885 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-2439 | 1 Web Development House | 1 Alibaba Clone | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group. | |||||
CVE-2008-2535 | 1 Fkrauthan | 1 Phoenix View Cms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/. | |||||
CVE-2009-1799 | 1 Sebastian-thiele | 1 St-gallery | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php. | |||||
CVE-2008-6260 | 1 Ultrastats | 1 Ultrastats | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter. | |||||
CVE-2008-4705 | 1 Phponlinedatingsoftware | 1 Myphpdating | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in success_story.php in php Online Dating Software MyPHPDating allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-0493 | 1 Martin Unzner | 1 It!cms | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier allows remote attackers to execute arbitrary SQL commands via the Username. | |||||
CVE-2008-3755 | 1 Yourfreeworld | 1 Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2009-3495 | 1 Vastal | 1 Dvd Zone | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | |||||
CVE-2008-4468 | 1 Vastal I-tech | 1 Share Zone | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in view_news.php in Vastal I-Tech Share Zone allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-6274 | 1 Mjcreation | 1 Familyproject | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information. | |||||
CVE-2009-3504 | 1 Alibabaclone | 1 Alibaba Clone | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2009-3804 | 1 Runcms | 1 Runcms | 2024-02-28 | 6.5 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in modules/forum/post.php in RunCMS 2M1 allow remote authenticated users to execute arbitrary SQL commands via (1) the pid parameter, which is not properly handled by the store function in modules/forum/class/class.forumposts.php, or (2) the topic_id parameter. | |||||
CVE-2008-4574 | 1 Aspindir | 1 Ayco Okul Portali | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.asp in Ayco Okul Portali allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
CVE-2008-2455 | 1 E107coders | 1 E107 Blog Engine | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in comment.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the rid parameter. | |||||
CVE-2008-2422 | 1 Webslider | 1 Webslider | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in Web Slider 0.6 allows remote attackers to execute arbitrary SQL commands via the slide parameter in a slides action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-4716 | 1 Scriptdemo | 1 Php-lance | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
CVE-2009-0426 | 1 Dmxready | 1 Classified Listings Manager | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in CategoryManager/upload_image_category.asp in DMXReady Classified Listings Manager 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-6124 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. | |||||
CVE-2008-5088 | 1 Knowledgebase-script | 1 Phpkb Knowledge Base Software | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909. | |||||
CVE-2008-2444 | 1 Calogic | 1 Calogic Calendars | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary SQL commands via the langsel parameter. |