Total: 12392 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1163 | 1 Webspell | 1 Webspell | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. | |||||
CVE-2007-6366 | 1 Sinecms | 1 Sinecms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators. | |||||
CVE-2007-4846 | 1 Webace | 1 Webace-linkscript | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in start.php in Webace-Linkscript (wls) 1.3 Special Edition (SE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik go action. | |||||
CVE-2007-6299 | 1 Drupal | 1 Drupal | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x before 4.7.9 and 5.x before 5.4 allow remote attackers to execute arbitrary SQL commands via modules that pass input to the taxonomy_select_nodes function, as demonstrated by the (1) taxonomy_menu, (2) ajaxLoader, and (3) ubrowser contributed modules. | |||||
CVE-2006-5242 | 1 Etomite | 1 Etomite | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Etomite Content Management System (CMS) before 0.6.1.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||||
CVE-2006-6706 | 1 Soumu | 3 Koukyoumuke Soumu Workflow, Soumo Workflow, Soumu Workflow | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | |||||
CVE-2008-0911 | 1 Iscripts | 1 Multicart | 2024-02-28 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter. | |||||
CVE-2007-4056 | 1 Adult Directory | 1 Adult Directory | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in directory.php in Prozilla Adult Directory allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action. NOTE: the original report indicated that this was the "photo" SourceForge project (aka Maan Bsat Photo Collection), but that was incorrect. | |||||
CVE-2007-4540 | 1 Olate | 1 Olatedownload | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in download.php in Olate Download (od) 3.4.2 allow remote attackers to execute arbitrary SQL commands via the (1) HTTP_REFERER or (2) HTTP_USER_AGENT HTTP header. | |||||
CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-0827 | 1 Phpnuke | 1 Book | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in the Books module of PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. | |||||
CVE-2008-0811 | 1 Auracms | 1 Auracms | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote attackers to execute arbitrary SQL commands via (1) the kid parameter to (a) mod/dl.php or (b) mod/links.php, and (2) the query parameter to search.php. | |||||
CVE-2007-5458 | 1 Alorys-hebergement | 2 Kwsphp, Newsletter Module | 2024-02-28 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter. | |||||
CVE-2007-5084 | 1 Broadcom | 1 Brightstor Hierarchical Storage Manager | 2024-02-28 | 6.8 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary SQL commands via CsAgent service commands with opcodes (1) 0x07, (2) 0x08, (3) 0x09, (4) 0x1E, (5) 0x32, (6) 0x36, (7) 0x40, and possibly others. | |||||
CVE-2008-0518 | 2 Joomla, Mambo | 2 Com Recipes, Com Recipes | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | |||||
CVE-2007-4777 | 1 Joomla | 1 Joomla | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, probably related to the archive section. NOTE: this may be the same as CVE-2007-4778. | |||||
CVE-2007-4810 | 1 Netjuke | 1 Netjuke | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to execute arbitrary SQL commands via (1) the ge_id parameter in a list.artists action to explore.php or (2) the id parameter in a show.tracks action to xml.php. | |||||
CVE-2007-6575 | 1 Brand039 | 1 Mmslamp | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in default.php in MMSLamp allows remote attackers to execute arbitrary SQL commands via the idpro parameter in a prodotti_dettaglio action. | |||||
CVE-2008-0256 | 1 Matteo Binda | 1 Asp Photo Gallery | 2024-02-28 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp. | |||||
CVE-2008-0918 | 2 Astats, Joomla | 2 Astatspro, Com Astatspro | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |