Total
12339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-7138 | 1 Oracle | 1 Apex | 2024-02-28 | 6.0 MEDIUM | N/A |
| SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven. | |||||
| CVE-2007-5986 | 1 Btiteam | 1 Btitracker | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/functions.php in BtiTracker before 1.4.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2007-4918 | 1 Gelatocms | 1 Gelatocms | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in classes/gelato.class.php in Gelato allows remote attackers to execute arbitrary SQL commands via the post parameter to index.php. | |||||
| CVE-2008-0281 | 1 Id-commerce | 1 Id-commerce | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in liste.php in ID-Commerce 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idFamille parameter. | |||||
| CVE-2007-4603 | 1 Altercoder | 1 Acg News | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter in a showarticle action or (2) the catid parameter in a showcat action. | |||||
| CVE-2007-6491 | 1 Kvaliitti | 1 Webdoc Cms | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS allow remote attackers to execute arbitrary SQL commands via (1) the cat_id parameter to categories.asp; and probably (2) the document_id parameter to categories.asp, and the (3) cat_id and (4) document_id parameters to subcategory.asp. | |||||
| CVE-2008-0770 | 1 Ibproarcade | 1 Ibproarcade | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter. | |||||
| CVE-2008-0906 | 1 Php-nuke | 1 Php-nuke Module Docum | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Docum module in PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle operation. | |||||
| CVE-2007-3301 | 1 Fusetalk | 1 Fusetalk | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum/include/error/autherror.cfm in FuseTalk allows remote attackers to execute arbitrary SQL commands via the errorcode parameter. NOTE: a patch may have been released privately between April and June 2007. NOTE: this issue may overlap CVE-2007-3273. | |||||
| CVE-2007-2803 | 1 Vizayn Urun | 1 Tanitim Sitesi | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. | |||||
| CVE-2007-6158 | 1 Proverbs | 1 Proverbs Web Calendar | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs Web Calendar 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginname (aka Username) and (2) loginpass (aka Password) parameters to caladmin.php. | |||||
| CVE-2007-4653 | 1 Phpbb | 1 Phpbb | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action. | |||||
| CVE-2007-4808 | 1 Tlm Cms | 1 Tlm Cms | 2024-02-28 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1. | |||||
| CVE-2007-3399 | 1 Phpee | 1 Power Phlogger | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. | |||||
| CVE-2008-0873 | 1 Jlmzone | 1 Classifieds | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action. | |||||
| CVE-2008-0469 | 1 Tiger Php News System | 1 Tiger Php News System | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Tiger Php News System (TPNS) 1.0b and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter in a newscat action. | |||||
| CVE-2006-6157 | 1 Michaelis Freunde | 1 Contentnow | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter. | |||||
| CVE-2007-5996 | 1 Softbizscripts | 1 Link Directory Script | 2024-02-28 | 7.5 HIGH | N/A |
| SQL injection vulnerability in searchresult.php in Softbiz Link Directory Script allows remote attackers to execute arbitrary SQL commands via the sbcat_id parameter, a related issue to CVE-2007-5449. | |||||
| CVE-2008-0129 | 1 Siteatschool | 1 Siteatschool | 2024-02-28 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in starnet/addons/slideshow_full.php in Site@School 2.3.10 and earlier allows remote attackers to execute arbitrary SQL commands via the album_name parameter. | |||||
| CVE-2007-6172 | 1 Wire Plastic Design | 1 Wpquiz | 2024-02-28 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php. | |||||