Total
12872 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-2510 | 1 Wordpress | 1 Upload File Plugin | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in wp-uploadfile.php in the Upload File plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the f_id parameter. | |||||
| CVE-2009-3501 | 1 Bpowerhouse | 1 Bpstudents | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in students.php in BPowerHouse BPStudents 1.0 allows remote attackers to execute arbitrary SQL commands via the test parameter in a preview action. | |||||
| CVE-2008-4080 | 1 Stash | 1 Stash | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username parameter to admin/library/authenticate.php and the (2) download parameter to downloadmp3.php. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2008-5957 | 2 Joomla, Mydyngallery | 2 Joomla, Mydyngallery | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Mydyngallery (com_mydyngallery) component 1.4.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the directory parameter to index.php. | |||||
| CVE-2008-6276 | 2 Drupal, Joomla | 2 User Karma Module, Joomla\! | 2024-02-28 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allow remote authenticated administrators to execute arbitrary SQL commands via (1) a content type or (2) a voting API value. | |||||
| CVE-2008-1913 | 1 Lasernet Cms | 1 Lasernet Cms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the new parameter in a new action. | |||||
| CVE-2008-5632 | 1 Activewebsoftwares | 1 Active Time Billing | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3661 | 2 Blueconstantmedia, Joomla | 2 Com Djcatalog, Joomla | 2024-02-28 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the DJ-Catalog (com_djcatalog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a showItem action and (2) cid parameter in a show action to index.php. | |||||
| CVE-2009-1585 | 1 R020 | 1 Tematres | 2024-02-28 | 4.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2008-7030 | 1 Site2nite | 1 Real Estate Web | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-5707 | 1 Aspindir | 1 Iltaweb Alisveris Sistemi | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in urunler.asp in Iltaweb Alisveris Sistemi allows remote attackers to execute arbitrary SQL commands via the catno parameter. | |||||
| CVE-2009-0324 | 1 Bibciter | 1 Bibciter | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) idp parameter to reports/projects.php, the (2) idc parameter to reports/contacts.php, and the (3) idu parameter to reports/users.php. | |||||
| CVE-2008-2336 | 1 68 Classifieds | 1 68 Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2009-4060 | 1 Cubecart | 1 Cubecart | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter. | |||||
| CVE-2008-5653 | 1 Myiosoft.com | 1 Ajaxportal | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2009-3965 | 1 Maniacomputer | 1 New5starrating | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter. | |||||
| CVE-2009-2618 | 1 Maxdev | 1 Mdpro | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php. | |||||
| CVE-2008-6117 | 1 Pilotgroup | 1 Pg Job Site Pro | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action. | |||||
| CVE-2008-3945 | 1 Source Workshop | 1 Words Tag Script | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. | |||||
| CVE-2008-6303 | 1 Toursmanager | 1 Tours Manager | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tourview.php in ToursManager allows remote attackers to execute arbitrary SQL commands via the tourid parameter. | |||||